Vulnerabilities > Jenkins > Zephyr Enterprise Test Management > Medium

DATE: 2020-03-09
CVE: CVE-2020-2145
VULNERABILITY TITLE: Insufficiently Protected Credentials vulnerability in Jenkins Zephyr Enterprise Test Management
DESCRIPTION: Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier stores its Zephyr password in plain text on the Jenkins master file system.
ATTACK VECTOR: local
ATTACK COMPLEXITY: low
VENDOR / CWE: jenkins / CWE-522
RISK: 5.5

DATE: 2019-04-04
CVE: CVE-2019-1003085
VULNERABILITY TITLE: Missing Authorization vulnerability in Jenkins Zephyr Enterprise Test Management
DESCRIPTION: A missing permission check in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR / CWE: jenkins / CWE-862
RISK: 6.5

DATE: 2019-04-04
CVE: CVE-2019-1003084
VULNERABILITY TITLE: Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Zephyr Enterprise Test Management
DESCRIPTION: A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server.
ATTACK VECTOR: network
ATTACK COMPLEXITY: low
VENDOR / CWE: jenkins / CWE-352
RISK: 6.5