Vulnerability in Jenkins Nexus Platform Plugin Affects User Permissions
CVE-2023-50767

5.4MEDIUM

Key Information:

Vendor

Jenkins
Status
Jenkins Nexus Platform Plugin
Vendor
CVE Published:
13 December 2023

What is CVE-2023-50767?

The Jenkins Nexus Platform Plugin contains a vulnerability due to inadequate permission checks allowing users with Overall/Read capabilities to issue HTTP requests to external URLs. This flaw permits unauthorized access to parse the responses as XML, potentially leading to exploitation that compromises the integrity and confidentiality of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Jenkins Nexus Platform Plugin 0 <= 3.18.0-03

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECU...
vendor-advisory
http://www.openwall.com/lists/oss-security/2023/12/13/4

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.