Jenkins Nexus Platform vulnerabilities

CVE-2023-50766 [HIGH] CWE-352 CVE-2023-50766: A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and ear A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

CVE-2023-50768 [HIGH] CWE-352 CVE-2023-50768: A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and ear A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-50769 [MEDIUM] CWE-862 CVE-2023-50769: Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers wit Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CVE-2023-50767 [MEDIUM] CWE-862 CVE-2023-50767: Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers wit Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.