Vulnerability in Jenkins Nexus Platform Plugin Affects User Permissions
CVE-2023-50767

5.4MEDIUM

Key Information:

Vendor
Jenkins
Status
Jenkins Nexus Platform Plugin
Vendor
CVE Published:
13 December 2023

Summary

The Jenkins Nexus Platform Plugin contains a vulnerability due to inadequate permission checks allowing users with Overall/Read capabilities to issue HTTP requests to external URLs. This flaw permits unauthorized access to parse the responses as XML, potentially leading to exploitation that compromises the integrity and confidentiality of the system.

Affected Version(s)

Jenkins Nexus Platform Plugin 0 <= 3.18.0-03

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.