PT-2023-31643 · Jenkins · Jenkins Htmlresource Plugin+1

Kevin Guerroudj

Publicado

2023-12-13

Atualizado

2023-12-18

CVE-2023-50774

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jenkins HTMLResource Plugin versions 1.02 and earlier

Description A cross-site request forgery (CSRF) issue allows attackers to delete arbitrary files on the Jenkins controller file system. This can be exploited by attackers to potentially disrupt or compromise the system.

Recommendations For Jenkins HTMLResource Plugin versions 1.02 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2023-50774

GHSA-7CCG-JM7J-4F8V

Produtos afetados

Jenkins

Jenkins Htmlresource Plugin

PT-2023-31643 · Jenkins · Jenkins Htmlresource Plugin+1

CVE-2023-50774

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8