CVE-2023-49654

Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
jenkinsCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 21%
VendorProductVersion
jenkinsmatlab
𝑥
< 2.11.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2023/11/29/1
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193
http://www.openwall.com/lists/oss-security/2023/11/29/1
https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193