CVE-2023-50767

CWE-862 — Missing Authorization5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 67.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Nexus Platform Plugin Jenkins Nexus Platform

Timeline

PublishedDec 13

Description

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_nexus_platform_plugin3.18.0-03

▶Mavenorg.sonatype.nexus.ci:nexus-jenkins-plugin< 3.18.1-01

▶NVDjenkins/nexus_platform3.18.0-03

🔴Vulnerability Details

OSV

Jenkins Nexus Platform Plugin missing permission check↗2023-12-13

▶

GHSA

Jenkins Nexus Platform Plugin missing permission check↗2023-12-13

▶

CVEList

CVE-2023-50767: Missing permission checks in Jenkins Nexus Platform Plugin 3↗2023-12-13

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-12-13↗2023-12-13

▶