Lucene search

[email protected]NVD:CVE-2023-24453

HistoryJan 26, 2023 - 9:18 p.m.

CVE-2023-24453

2023-01-2621:18:18

CWE-862

[email protected]

web.nvd.nist.gov

jenkins

testquality

updater

plugin

security

vulnerability

cve-2023-24453

overall/read

permission

url

username

password

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.8%

JSON

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.

Affected configurations

Nvd

Node

jenkinstestquality_updaterRange≤1.3jenkins

VendorProductVersionCPE
jenkinstestquality_updater*cpe:2.3:a:jenkins:testquality_updater:*:*:*:*:*:jenkins:*:*

Vendor	Product	Version	CPE
jenkins	testquality_updater	*	cpe:2.3:a:jenkins:testquality_updater::::::jenkins::*

References

www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2800

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

22.8%

JSON

Related for NVD:CVE-2023-24453

prion1 cve1 cvelist1 osv1 github1 nessus2