Vulnerabilities > Jenkins > Zephyr FOR Jira Test Management > 1.3

DATE CVE VULNERABILITY TITLE RISK
2020-07-02 CVE-2020-2216 Missing Authorization vulnerability in Jenkins Zephyr for Jira Test Management
A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
network
low complexity
jenkins CWE-862
4.3
4.3
2020-07-02 CVE-2020-2215 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Zephyr for Jira Test Management
A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
network
low complexity
jenkins CWE-352
4.3
4.3
2020-03-09 CVE-2020-2154 Cleartext Storage of Sensitive Information vulnerability in Jenkins Zephyr for Jira Test Management
Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores its credentials in plain text in a global configuration file on the Jenkins master file system.
local
low complexity
jenkins CWE-312
5.5
5.5