Vulnerabilities > Jenkins > Zephyr Enterprise Test Management
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-09 | CVE-2020-2145 | Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system. | 5.5 |
| 2019-04-04 | CVE-2019-1003085 | Missing Authorization vulnerability in Jenkins Zephyr Enterprise Test Management A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server. | 6.5 |
| 2019-04-04 | CVE-2019-1003084 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Zephyr Enterprise Test Management A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server. | 6.5 |