Lucene search
HistoryDec 13, 2023 - 6:15 p.m.
CVE-2023-50766
cross-site request forgery
jenkins nexus
http request
xml parsing
cve-2023-50766
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.3%
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
Affected configurations
Node
jenkinsnexus_platformRange≤3.18.0-03jenkins
Related
alpinelinux
alpinelinux
CVE-2023-50766
2023-12-13 18:15:43
cvelist
cvelist
CVE-2023-50766
2023-12-13 17:30:14
osv
osv
CVE-2023-50766
2023-12-13 18:15:43
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
2023-12-13 18:31:04
cve
cve
CVE-2023-50766
2023-12-13 18:15:43
prion
prion
Cross site request forgery (csrf)
2023-12-13 18:15:00
github
github
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
2023-12-13 18:31:04
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-12-13)
2023-12-14 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
24.3%
Related for NVD:CVE-2023-50766