Unauthorized Access Vulnerability in Jenkins TestQuality Updater Plugin
CVE-2023-24453
6.5MEDIUM
Key Information:
- Vendor
- Jenkins
- Vendor
- CVE Published:
- 26 January 2023
Summary
A security flaw in the Jenkins TestQuality Updater Plugin 1.3 and earlier enables attackers with Overall/Read permissions to exploit the system. By introducing a missing check, the vulnerability allows these unauthorized users to connect to any specified URL using arbitrary credentials. This could facilitate sensitive information exposure or further exploitation of the Jenkins environment.
Affected Version(s)
Jenkins TestQuality Updater Plugin <= 1.3
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved