Lucene search

[email protected]CVE-2023-37960

HistoryJul 12, 2023 - 4:15 p.m.

CVE-2023-37960

2023-07-1216:15:13

CWE-22

[email protected]

web.nvd.nist.gov

jenkins

mathworks

polyspace plugin

cve-2023-37960

security vulnerability

arbitrary files

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

15.2%

JSON

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.

CPENameOperatorVersion
jenkins:mathworks_polyspacejenkins mathworks polyspacele1.0.5
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq-
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.5
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.3
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.0
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.2
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq0.1.0
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq0.1.1
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.4
jenkins:mathworks_polyspacejenkins mathworks polyspaceeq1.0.1

CPE	Name	Operator	Version
jenkins:mathworks_polyspace	jenkins mathworks polyspace	le	1.0.5
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	-
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.5
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.3
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.0
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.2
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	0.1.0
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	0.1.1
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.4
jenkins:mathworks_polyspace	jenkins mathworks polyspace	eq	1.0.1

References

www.openwall.com/lists/oss-security/2023/07/12/2

www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3124

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0005 Low

EPSS

Percentile

15.2%

JSON

Related for CVE-2023-37960

github1 osv1 cvelist1 prion1