A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 22 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2025-05-22T18:12:21.589Z

Reserved: 2023-12-13T13:06:36.477Z

Link: CVE-2023-50768

cve-icon Vulnrichment

Updated: 2024-08-02T22:23:42.913Z

cve-icon NVD

Status : Modified

Published: 2023-12-13T18:15:43.943

Modified: 2025-05-22T19:15:37.263

Link: CVE-2023-50768

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.