Missing Permission Check in Jenkins Scriptler Plugin
CVE-2023-50765

4.3MEDIUM

Key Information:

Vendor: Jenkins
Status: Jenkins Scriptler Plugin
Vendor: CVE Published:; 13 December 2023

Summary

A missing permission check in Jenkins Scriptler Plugin allows users with Overall/Read permissions to access the contents of Groovy scripts by knowing their IDs. This could lead to unauthorized disclosure of sensitive information contained in scripts, potentially compromising the integrity of the affected Jenkins environment.

Affected Version(s)

Jenkins Scriptler Plugin 0 <= 342.v6a_89fd40f466

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Dec 13, 2023