Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2023-50769
HistoryDec 13, 2023 - 6:15 p.m.

CVE-2023-50769

2023-12-1318:15:43
Alpine Linux Development Team
security.alpinelinux.org
13
cve-2023-50769
permission checks
jenkins
nexus platform plugin
http server
credentials
unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

13.3%

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

OSVersionArchitecturePackageVersionFilename
Alpine3.19-communitynoarchjenkins= 2.440.3-r0UNKNOWN
Alpine3.20-communitynoarchjenkins= 2.440.2-r0UNKNOWN
Alpineedge-communitynoarchjenkins= 2.462.1-r0UNKNOWN

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0

Percentile

13.3%

Related for ALPINE:CVE-2023-50769