CVE-2023-49654

EUVD-2023-2953
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
jenkinsmatlab
𝑥
< 2.11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/29/1
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193
http://www.openwall.com/lists/oss-security/2023/11/29/1
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193