CVE-2023-50779 — Missing Authorization in Project Jenkins Paaslane Estimate Plugin

CWE-862 — Missing Authorization5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.0%

top 89.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Paaslane Estimate Plugin Jenkins Paaslane Estimate

Timeline

PublishedDec 13

Description

Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5jenkins_project/jenkins_paaslane_estimate_plugin1.0.4

▶NVDjenkins/paaslane_estimate1.0.4

🔴Vulnerability Details

GHSA

Missing permission check in Jenkins PaaSLane Estimate Plugin↗2023-12-13

▶

CVEList

CVE-2023-50779: Missing permission checks in Jenkins PaaSLane Estimate Plugin 1↗2023-12-13

▶

OSV

Missing permission check in Jenkins PaaSLane Estimate Plugin↗2023-12-13

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-12-13↗2023-12-13

▶