Jenkins: >> Zephyr For Jira Test Management >> 1.2 Security Vulnerabilities
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
CVSS Score
4.3
EPSS Score
0.004
Published
2020-07-02
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
CVSS Score
4.3
EPSS Score
0.0
Published
2020-07-02
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-03-09