Permission Check Flaw in Jenkins ElasticBox CI Plugin
CVE-2023-37965

7.1HIGH

Key Information:

Vendor: Jenkins
Status: Jenkins Elasticbox Ci Plugin
Vendor: CVE Published:; 12 July 2023

What is CVE-2023-37965?

A flaw in the Jenkins ElasticBox CI Plugin versions 5.0.1 and earlier exposes the system to potential breaches. The vulnerability arises from a missing permission check that grants attackers with Overall/Read permission the capability to connect to arbitrary URLs. They can exploit this by utilizing credentials IDs acquired via other means, thereby capturing sensitive information stored within the Jenkins environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins ElasticBox CI Plugin 0 <= 5.0.1

References

https://www.jenkins.io/security/advisory/2023-07-12/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/07/12/2

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2023
Vulnerability Reserved
Jul 11, 2023

JSON

Jenkins