CVE-2023-49654
published 2023-11-29CVE-2023-49654: Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | google_compute_engine_plugin | — | — |
| jenkins | jira_plugin | — | — |
| jenkins | matlab | < 2.11.1 | 2.11.1 |
| jenkins | matlab_plugin | — | — |
| jenkins_project | jenkins_matlab_plugin | <= 2.11.0 | — |