Search
Find a vulnerability
Search criteria
8 vulnerabilities found for matlab by jenkins
CVE-2023-49673 (GCVE-0-2023-49673)
Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-06-05 13:41
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins NeuVector Vulnerability Scanner Plugin |
Affected:
0 , ≤ 1.22
(maven)
|
|
| jenkins_project | jenkins_neuvector_vulnerability_scanner_plugin |
Affected:
0 , ≤ 1.22
(maven)
cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jenkins_neuvector_vulnerability_scanner_plugin",
"vendor": "jenkins_project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:40:46.090638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T13:41:19.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins NeuVector Vulnerability Scanner Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:11.192Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49673",
"datePublished": "2023-11-29T13:45:12.847Z",
"dateReserved": "2023-11-29T10:34:02.383Z",
"dateUpdated": "2025-06-05T13:41:19.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49656 (GCVE-0-2023-49656)
Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:10.208Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49656",
"datePublished": "2023-11-29T13:45:12.215Z",
"dateReserved": "2023-11-28T21:18:14.328Z",
"dateUpdated": "2025-02-13T17:18:49.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49655 (GCVE-0-2023-49655)
Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:09.231Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49655",
"datePublished": "2023-11-29T13:45:11.577Z",
"dateReserved": "2023-11-28T21:18:14.328Z",
"dateUpdated": "2025-02-13T17:18:48.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49654 (GCVE-0-2023-49654)
Vulnerability from nvd – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:08.160Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49654",
"datePublished": "2023-11-29T13:45:10.938Z",
"dateReserved": "2023-11-28T21:18:14.327Z",
"dateUpdated": "2025-02-13T17:18:47.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49673 (GCVE-0-2023-49673)
Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-06-05 13:41
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
2 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins NeuVector Vulnerability Scanner Plugin |
Affected:
0 , ≤ 1.22
(maven)
|
|
| jenkins_project | jenkins_neuvector_vulnerability_scanner_plugin |
Affected:
0 , ≤ 1.22
(maven)
cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jenkins_project:jenkins_neuvector_vulnerability_scanner_plugin:1.22:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "jenkins_neuvector_vulnerability_scanner_plugin",
"vendor": "jenkins_project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T13:40:46.090638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T13:41:19.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins NeuVector Vulnerability Scanner Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.22",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:11.192Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3256"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49673",
"datePublished": "2023-11-29T13:45:12.847Z",
"dateReserved": "2023-11-29T10:34:02.383Z",
"dateUpdated": "2025-06-05T13:41:19.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49656 (GCVE-0-2023-49656)
Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:10.208Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49656",
"datePublished": "2023-11-29T13:45:12.215Z",
"dateReserved": "2023-11-28T21:18:14.328Z",
"dateUpdated": "2025-02-13T17:18:49.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49655 (GCVE-0-2023-49655)
Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:09.231Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49655",
"datePublished": "2023-11-29T13:45:11.577Z",
"dateReserved": "2023-11-28T21:18:14.328Z",
"dateUpdated": "2025-02-13T17:18:48.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49654 (GCVE-0-2023-49654)
Vulnerability from cvelistv5 – Published: 2023-11-29 13:45 – Updated: 2025-02-13 17:18
VLAI
Summary
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins MATLAB Plugin |
Affected:
0 , ≤ 2.11.0
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins MATLAB Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "2.11.0",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-11-29T13:50:08.160Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-11-29",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/11/29/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-49654",
"datePublished": "2023-11-29T13:45:10.938Z",
"dateReserved": "2023-11-28T21:18:14.327Z",
"dateUpdated": "2025-02-13T17:18:47.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}