CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30524
https://notcve.org/view.php?id=CVE-2023-30524
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30523
https://notcve.org/view.php?id=CVE-2023-30523
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30522
https://notcve.org/view.php?id=CVE-2023-30522
A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2873 • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30521
https://notcve.org/view.php?id=CVE-2023-30521
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2872 • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30520
https://notcve.org/view.php?id=CVE-2023-30520
Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads. • http://www.openwall.com/lists/oss-security/2023/04/13/3 https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2850 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •