CVE-2023-50766
published 2023-12-13CVE-2023-50766: A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an…
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | dingding_json_pusher_plugin | — | — |
| jenkins | htmlresource_plugin | — | — |
| jenkins | nexus_platform | <= 3.18.0-03 | — |
| jenkins | nexus_platform_plugin | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | paaslane_estimate_plugin | — | — |
| jenkins | scriptler_plugin | — | — |
| jenkins | synopsys_rapid_scan_static_is_the_only_plugin | — | — |
| jenkins_project | jenkins_nexus_platform_plugin | <= 3.18.0-03 | — |