CVE-2023-50764

2023-12-1318:15:43

[email protected]

web.nvd.nist.gov

cve-2023-50764

jenkins

scriptler plugin

http endpoint

security vulnerability

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.1%

JSON

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinsscriptlerRange≤342.v6a_89fd40f466jenkins

CPENameOperatorVersion
jenkins:scriptlerjenkins scriptlerle342.v6a_89fd40f466

CPE	Name	Operator	Version
jenkins:scriptler	jenkins scriptler	le	342.v6a_89fd40f466

CNA Affected

[
  {
    "vendor": "Jenkins Project",
    "product": "Jenkins Scriptler Plugin",
    "versions": [
      {
        "version": "0",
        "versionType": "maven",
        "lessThanOrEqual": "342.v6a_89fd40f466",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]