CVE-2023-50766

2023-12-1318:15:43

Google

osv.dev

cross-site request forgery

jenkins

nexus platform plugin

http request

xml parsing

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.

CPENameOperatorVersion
nexus-platform-plugineqrelease-1.1.0-05
nexus-platform-plugineqrelease-3.18.0-02
nexus-platform-plugineq3.16.476.v410d6968f400
nexus-platform-plugineq3.16.478.v41ee37380162
nexus-platform-plugineq3.16.510.v4d23e22cf563
nexus-platform-plugineqnexus-jenkins-plugin-3.11.20210716-075132.3b66565
nexus-platform-plugineqrelease-3.18.0-03
nexus-platform-plugineq3.14.431.v37ca_dc788b_b_1
nexus-platform-plugineq3.14.412.v8021dc9cc4ef
nexus-platform-plugineqrelease-1.0.0-02

Name	Operator	Version
nexus-platform-plugin	eq	release-1.1.0-05
nexus-platform-plugin	eq	release-3.18.0-02
nexus-platform-plugin	eq	3.16.476.v410d6968f400
nexus-platform-plugin	eq	3.16.478.v41ee37380162
nexus-platform-plugin	eq	3.16.510.v4d23e22cf563
nexus-platform-plugin	eq	nexus-jenkins-plugin-3.11.20210716-075132.3b66565
nexus-platform-plugin	eq	release-3.18.0-03
nexus-platform-plugin	eq	3.14.431.v37ca_dc788b_b_1
nexus-platform-plugin	eq	3.14.412.v8021dc9cc4ef
nexus-platform-plugin	eq	release-1.0.0-02