CVE-2023-50769

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 83.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Nexus Platform Plugin Jenkins Nexus Platform

Timeline

PublishedDec 13

Description

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5jenkins_project/jenkins_nexus_platform_plugin3.18.0-03

▶Mavenorg.sonatype.nexus.ci:nexus-jenkins-plugin< 3.18.1-01

▶NVDjenkins/nexus_platform3.18.0-03

🔴Vulnerability Details

OSV

Jenkins Nexus Platform Plugin missing permission check↗2023-12-13

▶

CVEList

CVE-2023-50769: Missing permission checks in Jenkins Nexus Platform Plugin 3↗2023-12-13

▶

GHSA

Jenkins Nexus Platform Plugin missing permission check↗2023-12-13

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-12-13↗2023-12-13

▶