CVE-2023-30523

MEDIUM

Jenkins Report Portal < 0.5 - Cleartext Storage

Title source: rule

Description

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

References (2)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2023/04/13/3

[Vendor Advisory] https://www.jenkins.io/security/advisory/2023-04-12/#SECURITY-2945

Scores

CVSS v3 4.3

EPSS 0.0019

EPSS Percentile 40.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-312 CWE-311

Status published

Products (2)

jenkins/report_portal < 0.5

org.jenkins-ci.plugins/reportportal 0Maven

Published Apr 12, 2023

Tracked Since Feb 18, 2026