Missing Permission Check in Jenkins BearyChat Plugin by Jenkins
CVE-2023-24459
6.5MEDIUM
Summary
The Jenkins BearyChat Plugin prior to version 3.0.3 exhibits a significant security flaw due to a missing permission check. This vulnerability allows attackers with Overall/Read permissions to connect to arbitrary URLs specified by the attacker, potentially leading to unauthorized access and data exfiltration. It is crucial for Jenkins users to update to the latest version to mitigate this risk effectively.
Affected Version(s)
Jenkins BearyChat Plugin <= 3.0.2
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved