CVE-2023-37949
published 2023-07-12
Severity: high (7.1, CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | assembla_auth_plugin | — | — |
| jenkins | benchmark_evaluator_plugin | — | — |
| jenkins | datadog_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | macstadium_plugin | — | — |
| jenkins | mathworks_polyspace_plugin | — | — |
| jenkins | openshift_login_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_plugin | — | — |
| jenkins | orka_by_macstadium | < 1.34 | 1.34 |
| jenkins | orka_by_macstadium_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | sumologic_publisher_plugin | — | — |
| jenkins | test_results_aggregator_plugin | — | — |
| jenkins_project | jenkins_orka_by_macstadium_plugin | <= 1.33 | — |