Maven package

org.jenkins-ci.plugins/zephyr-enterprise-test-management

pkg:maven/org.jenkins-ci.plugins/zephyr-enterprise-test-management

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-2145	—	< 1.10	1.10	Mar 9, 2020	Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
CVE-2019-1003085	—	< 1.8	1.8	Apr 4, 2019	A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003084	—	< 1.8	1.8	Apr 4, 2019	A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.

CVE-2020-2145Mar 9, 2020
affected < 1.10fixed 1.10
Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
CVE-2019-1003085Apr 4, 2019
affected < 1.8fixed 1.8
A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
CVE-2019-1003084Apr 4, 2019
affected < 1.8fixed 1.8
A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.