CVE-2023-28675

2023-03-2311:26:04

jenkins

www.cve.org

jenkins

octoperf

load testing plugin

security vulnerability

permission check

attacker-specified credentials

cve-2023-28675

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.9%

JSON

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins OctoPerf Load Testing Plugin Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "4.5.2",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]