CVE-2023-37953
Published 2023-07-12
Medium, 6.5 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | active_directory_plugin | — | — |
| jenkins | assembla_auth_plugin | — | — |
| jenkins | benchmark_evaluator_plugin | — | — |
| jenkins | datadog_plugin | — | — |
| jenkins | elasticbox_ci_plugin | — | — |
| jenkins | external_monitor_job_type_plugin | — | — |
| jenkins | for_more_information_see_the_plugin | — | — |
| jenkins | mabl | <= 0.0.46 | — |
| jenkins | macstadium_plugin | — | — |
| jenkins | mathworks_polyspace_plugin | — | — |
| jenkins | openshift_login_plugin | — | — |
| jenkins | oracle_cloud_infrastructure_compute_plugin | — | — |
| jenkins | orka_by_macstadium_plugin | — | — |
| jenkins | rebuilder_plugin | — | — |
| jenkins | sumologic_publisher_plugin | — | — |
| jenkins | test_results_aggregator_plugin | — | — |
| jenkins_project | jenkins_mabl_plugin | <= 0.0.46 | — |