CVE-2023-50767

2023-12-1318:15:43

Alpine Linux Development Team

security.alpinelinux.org

cve-2023-50767

jenkins

nexus platform plugin

permission checks

http request

xml parsing

unix

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.4%

JSON

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchjenkins= 2.440.2-r0UNKNOWN
Alpine3.19-communitynoarchjenkins= 2.440.3-r0UNKNOWN
Alpine3.20-communitynoarchjenkins= 2.440.2-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	jenkins	= 2.440.2-r0	UNKNOWN
Alpine	3.19-community	noarch	jenkins	= 2.440.3-r0	UNKNOWN
Alpine	3.20-community	noarch	jenkins	= 2.440.2-r0	UNKNOWN