CVE-2023-50767

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-50767

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50767.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50767

Aliases

GHSA-9vrm-747r-668v

Published

2023-12-13T18:15:43.890Z

Modified

2026-03-11T15:43:34.991080Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

References

Affected packages

Git / github.com/jenkinsci/nexus-platform-plugin

Affected ranges

Type

GIT

Repo

https://github.com/jenkinsci/nexus-platform-plugin

Events

Introduced

Last affected

ed204271174ae13397e12ee5146dfbc29a8ca9a3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.18.0-03"
        }
    ]
}

Affected versions

3.*

3.13.398.v0b_eb_22e7a_122

3.14.401.v1311ea_023ce5

3.14.403.v07c2f1f96d60

3.14.405.v74e19a_0b_1a_1a_

3.14.407.v9d113b_445204

3.14.412.v8021dc9cc4ef

3.14.415.v4605773547f3

3.14.418.v7a_687b_6a_4c1d

3.14.424.v8290b_b_ec62cb_

3.14.431.v37ca_dc788b_b_1

3.15.438.vf87a_0dc45166

3.16.444.v52b_e5e2db_503

3.16.449.v50228c7ca_222

3.16.453.v39a_b_a_0401562

3.16.455.vd5654e1c14b_a_

3.16.459.vcdf273b_29f8c

3.16.465.ve8709b_fa_df42

3.16.471.v2dcf088efb_7f

3.16.474.vb_0cdf4908780

3.16.476.v410d6968f400

3.16.478.v41ee37380162

3.16.481.ved9f5106e132

3.16.485.ve2c3a_17ec407

3.16.487.v5d4d3b_6942ee

3.16.489.v7cf06846a_c96

3.16.491.v77a_2f8921c88

3.16.497.vd8491dd15a_8d

3.16.501.ve3d6b_58f1d37

3.16.503.vb_a_7b_10f1c4cf

3.16.506.v3e10c22ddc08

3.16.508.vfc408b_9601f0

3.16.510.v4d23e22cf563

3.17.514.va_6dfca_8a_f7a_c

3.17.518.v9cb_3ff833922

nexus-jenkins-plugin-3.*

nexus-jenkins-plugin-3.11.20210716-075132.3b66565

release-1.*

release-1.0.0-02

release-1.0.1-01

release-1.0.2-02

release-1.1.0-05

release-3.*

release-3.18.0-02

release-3.18.0-03

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50767.json"