VYPR

Jenkins Extensive Testing Plugin

by Jenkins Project

CVEs (3)

  • CVE-2019-10448HigOct 16, 2019
    risk 0.57cvss 8.8epss 0.01

    Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

  • CVE-2023-41947MedSep 6, 2023
    risk 0.28cvss 4.3epss 0.00

    A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.

  • CVE-2023-41946LowSep 6, 2023
    risk 0.23cvss 3.5epss 0.00

    A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the…