CVE-2023-50768: A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified…

high8.8CVSS 3.1

AVNACLPRNUIRSUCHIHAH

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
jenkins	deployment_dashboard_plugin	—	—
jenkins	dingding_json_pusher_plugin	—	—
jenkins	htmlresource_plugin	—	—
jenkins	nexus_platform	<= 3.18.0-03	—
jenkins	nexus_platform_plugin	—	—
jenkins	openid_connect_authentication_plugin	—	—
jenkins	paaslane_estimate_plugin	—	—
jenkins	scriptler_plugin	—	—
jenkins	synopsys_rapid_scan_static_is_the_only_plugin	—	—
jenkins_project	jenkins_nexus_platform_plugin	<= 3.18.0-03	—