CVE-2023-30526

Name of the Vulnerable Software and Affected Versions Jenkins Report Portal Plugin versions 0.5 and earlier

Description A missing permission check in the Jenkins Report Portal Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. This issue also results in a cross-site request forgery (CSRF) vulnerability, as the form validation method does not require POST requests.

Recommendations For Jenkins Report Portal Plugin versions 0.5 and earlier, consider disabling the form validation method until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of attackers connecting to attacker-specified URLs using bearer token authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.