Vulnerabilities > Jenkins > Elastest

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-2274 Cleartext Storage of Sensitive Information vulnerability in Jenkins Elastest
Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-312
5.5
2020-09-16 CVE-2020-2273 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Elastest
A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-352
4.3
2020-09-16 CVE-2020-2272 Missing Authorization vulnerability in Jenkins Elastest
A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
network
low complexity
jenkins CWE-862
4.3