CVE-2023-49654

9.8CRITICAL

Key Information

Vendor: Jenkins
Status: Jenkins MATLAB Plugin
Vendor: CVE Published:; 29 November 2023

Summary

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.

Affected Version(s)

Jenkins MATLAB Plugin <= 2.11.0

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 29, 2023
Vulnerability Reserved.
Nov 28, 2023

Collectors

NVD DatabaseMitre Database