PT-2023-31643 · Jenkins · Jenkins Htmlresource Plugin+1
Kevin Guerroudj
·
Published
2023-12-13
·
Updated
2023-12-18
·
CVE-2023-50774
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Jenkins HTMLResource Plugin versions 1.02 and earlier
Description
A cross-site request forgery (CSRF) issue allows attackers to delete arbitrary files on the Jenkins controller file system. This can be exploited by attackers to potentially disrupt or compromise the system.
Recommendations
For Jenkins HTMLResource Plugin versions 1.02 and earlier, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the plugin to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jenkins
Jenkins Htmlresource Plugin