CVE-2023-50769
Published: 2023-12-13
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | deployment_dashboard_plugin | — | — |
| jenkins | dingding_json_pusher_plugin | — | — |
| jenkins | htmlresource_plugin | — | — |
| jenkins | nexus_platform | <= 3.18.0-03 | — |
| jenkins | nexus_platform_plugin | — | — |
| jenkins | openid_connect_authentication_plugin | — | — |
| jenkins | paaslane_estimate_plugin | — | — |
| jenkins | scriptler_plugin | — | — |
| jenkins | synopsys_rapid_scan_static_is_the_only_plugin | — | — |
| jenkins_project | jenkins_nexus_platform_plugin | <= 3.18.0-03 | — |