CVE-2023-49655

8.8HIGH

Key Information

Vendor: Jenkins
Status: Jenkins MATLAB Plugin
Vendor: CVE Published:; 29 November 2023

Summary

A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.

Affected Version(s)

Jenkins MATLAB Plugin <= 2.11.0

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 29, 2023
Vulnerability Reserved.
Nov 28, 2023

Collectors

NVD DatabaseMitre Database