CVE-2023-37952

2023-07-1216:15:13

CWE-352

[email protected]

web.nvd.nist.gov

cve-2023-37952

csrf

jenkins mabl plugin

nvd

security vulnerability

information security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.0005 Low

EPSS

Percentile

17.4%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Affected configurations

NVD

Node

jenkinsmablRange≤0.0.46jenkins

CPENameOperatorVersion
jenkins:mabljenkins mablle0.0.46

CPE	Name	Operator	Version
jenkins:mabl	jenkins mabl	le	0.0.46

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins mabl Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "0.0.46",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]