CVE-2023-50767
published 2023-12-13

Severity: Medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| jenkins | deployment_dashboard_plugin | | |
| jenkins | dingding_json_pusher_plugin | | |
| jenkins | htmlresource_plugin | | |
| jenkins | nexus_platform | <= 3.18.0-03 | |
| jenkins | nexus_platform_plugin | | |
| jenkins | openid_connect_authentication_plugin | | |
| jenkins | paaslane_estimate_plugin | | |
| jenkins | scriptler_plugin | | |
| jenkins | synopsys_rapid_scan_static_is_the_only_plugin | | |
| jenkins_project | jenkins_nexus_platform_plugin | <= 3.18.0-03 | |