Lucene search

[email protected]NVD:CVE-2023-24448

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24448

2023-01-2621:18:18

CWE-862

[email protected]

web.nvd.nist.gov

jenkins

rabbitmq

permission check

cve-2023-24448

amqps url

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.0%

JSON

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.

Affected configurations

NVD

Node

jenkinsrabbitmq_consumerRange≤2.8jenkins

References

www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2778

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for NVD:CVE-2023-24448

cve1 prion1 cvelist1 github1 osv1 nessus2