CVE-2023-50768

2023-12-1318:15:43

Google

osv.dev

cve-2023-50768

cross-site request forgery

jenkins

nexus platform plugin

http server

credentials

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.3%

JSON

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CPENameOperatorVersion
nexus-platform-plugineqrelease-1.1.0-05
nexus-platform-plugineqrelease-3.18.0-02
nexus-platform-plugineq3.16.476.v410d6968f400
nexus-platform-plugineq3.16.478.v41ee37380162
nexus-platform-plugineq3.16.510.v4d23e22cf563
nexus-platform-plugineqnexus-jenkins-plugin-3.11.20210716-075132.3b66565
nexus-platform-plugineqrelease-3.18.0-03
nexus-platform-plugineq3.14.431.v37ca_dc788b_b_1
nexus-platform-plugineq3.14.412.v8021dc9cc4ef
nexus-platform-plugineqrelease-1.0.0-02

Name	Operator	Version
nexus-platform-plugin	eq	release-1.1.0-05
nexus-platform-plugin	eq	release-3.18.0-02
nexus-platform-plugin	eq	3.16.476.v410d6968f400
nexus-platform-plugin	eq	3.16.478.v41ee37380162
nexus-platform-plugin	eq	3.16.510.v4d23e22cf563
nexus-platform-plugin	eq	nexus-jenkins-plugin-3.11.20210716-075132.3b66565
nexus-platform-plugin	eq	release-3.18.0-03
nexus-platform-plugin	eq	3.14.431.v37ca_dc788b_b_1
nexus-platform-plugin	eq	3.14.412.v8021dc9cc4ef
nexus-platform-plugin	eq	release-1.0.0-02