CVE-2023-30524
Medium
Published: 12 April 2023
Modified: 07 February 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0029 (52.9th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2023-30524 is a medium-severity Generation of Incorrect Security Tokens (CWE-1270) vulnerability in Jenkins Report Portal. Its CVSS base score is 4.3 (Medium).
Operationally, it is ranked in the top 47.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-1329
Vulnerability details
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- jenkins report portal: ≤ 0.5
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.