Lucene search
HistoryJan 26, 2023 - 9:18 p.m.
CVE-2023-24448
cve-2023-24448
jenkins
rabbitmq consumer plugin
permission check
amqp
security vulnerability
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
20.9%
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.
Affected configurations
Node
jenkinsrabbitmq_consumerRange≤2.8jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:rabbitmq_consumer | jenkins rabbitmq consumer | le | 2.8 |
CNA Affected
[
{
"product": "Jenkins RabbitMQ Consumer Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 2.8",
"versionType": "custom"
}
]
}
]Related
github
github
Missing permission check in Jenkins RabbitMQ Consumer Plugin
2023-01-26 21:30:18
prion
prion
Default credentials
2023-01-26 21:18:00
cvelist
cvelist
CVE-2023-24448
2023-01-24 00:00:00
nvd
nvd
CVE-2023-24448
2023-01-26 21:18:18
osv
osv
Missing permission check in Jenkins RabbitMQ Consumer Plugin
2023-01-26 21:30:18
nessus
nessus
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
20.9%
Related for CVE-2023-24448