CVE-2023-50764

Name of the Vulnerable Software and Affected Versions Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier

Description The issue allows attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system due to a lack of restriction on a file name query parameter in an HTTP endpoint.

Recommendations For Jenkins Scriptler Plugin versions 342.v6a 89fd40f466 and earlier, consider restricting access to the HTTP endpoint until a patch is available. As a temporary workaround, limit the permissions of users with Scriptler/Configure access to minimize the risk of exploitation. Avoid using the vulnerable HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.