Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for matlab by jenkins

    CVE-2023-49673 (GCVE-0-2023-49673)

    Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-06-05 13:41
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins NeuVector Vulnerability Scanner Plugin Affected: 0 , ≤ 1.22 (maven)
    Create a notification for this product.
    jenkins_project jenkins_neuvector_vulnerability_scanner_plugin Affected: 0 , ≤ 1.22 (maven)
        cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jenkins_neuvector_vulnerability_scanner_plugin",
                "vendor": "jenkins_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "maven"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-05T13:40:46.090638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-05T13:41:19.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins NeuVector Vulnerability Scanner Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:11.192Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49673",
        "datePublished": "2023-11-29T13:45:12.847Z",
        "dateReserved": "2023-11-29T10:34:02.383Z",
        "dateUpdated": "2025-06-05T13:41:19.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49656 (GCVE-0-2023-49656)

    Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:10.208Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49656",
        "datePublished": "2023-11-29T13:45:12.215Z",
        "dateReserved": "2023-11-28T21:18:14.328Z",
        "dateUpdated": "2025-02-13T17:18:49.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49655 (GCVE-0-2023-49655)

    Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:09.231Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49655",
        "datePublished": "2023-11-29T13:45:11.577Z",
        "dateReserved": "2023-11-28T21:18:14.328Z",
        "dateUpdated": "2025-02-13T17:18:48.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49654 (GCVE-0-2023-49654)

    Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:08.160Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49654",
        "datePublished": "2023-11-29T13:45:10.938Z",
        "dateReserved": "2023-11-28T21:18:14.327Z",
        "dateUpdated": "2025-02-13T17:18:47.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49673 (GCVE-0-2023-49673)

    Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-06-05 13:41
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins NeuVector Vulnerability Scanner Plugin Affected: 0 , ≤ 1.22 (maven)
    Create a notification for this product.
    jenkins_project jenkins_neuvector_vulnerability_scanner_plugin Affected: 0 , ≤ 1.22 (maven)
        cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "jenkins_neuvector_vulnerability_scanner_plugin",
                "vendor": "jenkins_project",
                "versions": [
                  {
                    "lessThanOrEqual": "1.22",
                    "status": "affected",
                    "version": "0",
                    "versionType": "maven"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49673",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-05T13:40:46.090638Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-352",
                    "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-05T13:41:19.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins NeuVector Vulnerability Scanner Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "1.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:11.192Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49673",
        "datePublished": "2023-11-29T13:45:12.847Z",
        "dateReserved": "2023-11-29T10:34:02.383Z",
        "dateUpdated": "2025-06-05T13:41:19.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49656 (GCVE-0-2023-49656)

    Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:26.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:10.208Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49656",
        "datePublished": "2023-11-29T13:45:12.215Z",
        "dateReserved": "2023-11-28T21:18:14.328Z",
        "dateUpdated": "2025-02-13T17:18:49.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49655 (GCVE-0-2023-49655)

    Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.849Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:09.231Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49655",
        "datePublished": "2023-11-29T13:45:11.577Z",
        "dateReserved": "2023-11-28T21:18:14.328Z",
        "dateUpdated": "2025-02-13T17:18:48.409Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49654 (GCVE-0-2023-49654)

    Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
    VLAI
    Summary
    Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
    Severity
    No CVSS data available.
    Assigner
    Impacted products
    Vendor Product Version
    Jenkins Project Jenkins MATLAB Plugin Affected: 0 , ≤ 2.11.0 (maven)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:01:25.660Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Jenkins Security Advisory 2023-11-29",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Jenkins MATLAB Plugin",
              "vendor": "Jenkins Project",
              "versions": [
                {
                  "lessThanOrEqual": "2.11.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "maven"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system."
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-11-29T13:50:08.160Z",
            "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
            "shortName": "jenkins"
          },
          "references": [
            {
              "name": "Jenkins Security Advisory 2023-11-29",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "assignerShortName": "jenkins",
        "cveId": "CVE-2023-49654",
        "datePublished": "2023-11-29T13:45:10.938Z",
        "dateReserved": "2023-11-28T21:18:14.327Z",
        "dateUpdated": "2025-02-13T17:18:47.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }