Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-qgw9-vgrf-h723

GitHub Security Advisory

Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job `config.xml` files on the Jenkins controller as part of its configuration.

These tokens can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Additionally, the configuration form does not mask these tokens, increasing the potential for attackers to observe and capture them.

Affected Packages

Maven org.jenkins-ci.plugins:reportportal
Affected versions: 0 (last affected: 0.5)

Related CVEs

CVE-2023-30523

Key Information

GHSA ID
GHSA-qgw9-vgrf-h723
Published
April 12, 2023 6:30 PM
Last Modified
April 12, 2023 10:18 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:reportportal
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 6, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.