What is the severity of CVE-2023-30529?

CVE-2023-30529 is categorized as a critical vulnerability due to its potential for unauthorized database reindexing.

How do I fix CVE-2023-30529?

To fix CVE-2023-30529, upgrade the Jenkins Lucene-Search Plugin to version 398.v3dfa_cb_223984 or later.

What impact does CVE-2023-30529 have on Jenkins users?

CVE-2023-30529 allows attackers to manipulate the database through an unsecured HTTP endpoint, compromising data integrity.

Which versions of the Lucene-Search Plugin are affected by CVE-2023-30529?

Versions of the Jenkins Lucene-Search Plugin up to and including 387.v938a_ecb_f7fe9 are affected by CVE-2023-30529.

Is there any mitigation for CVE-2023-30529 prior to patching?

There are no effective mitigations for CVE-2023-30529 other than upgrading to the fixed version.

Vulnerability/
CVE-2023-30529

medium

4.3

CWE

352

12/4/2023

7/2/2025

CVE-2023-30529: CSRF

First published: Wed Apr 12 2023(Updated: )

Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.

Credit: jenkinsci-cert@googlegroups.com

Affected Software	Affected Version	How to fix
maven/org.jenkins-ci.plugins:lucene-search	<=387.v938a	398.v3dfa_cb_223984
	<=387.v938a_ecb_f7fe9
Jenkins Lucene-search	<=387.v938a_ecb_f7fe9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-30529?
CVE-2023-30529 is categorized as a critical vulnerability due to its potential for unauthorized database reindexing.
How do I fix CVE-2023-30529?
To fix CVE-2023-30529, upgrade the Jenkins Lucene-Search Plugin to version 398.v3dfa_cb_223984 or later.
What impact does CVE-2023-30529 have on Jenkins users?
CVE-2023-30529 allows attackers to manipulate the database through an unsecured HTTP endpoint, compromising data integrity.
Which versions of the Lucene-Search Plugin are affected by CVE-2023-30529?
Versions of the Jenkins Lucene-Search Plugin up to and including 387.v938a_ecb_f7fe9 are affected by CVE-2023-30529.
Is there any mitigation for CVE-2023-30529 prior to patching?
There are no effective mitigations for CVE-2023-30529 other than upgrading to the fixed version.

collector/nvd-index
collector/github-advisory-latest
alias/GHSA-gh5w-gffh-68pr
alias/CVE-2023-30529
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
agent/severity
agent/weakness
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/github-advisory
source/GitHub
agent/event
agent/description
agent/trending
agent/source
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
collector/nvd-api
vendor/jenkins
canonical/jenkins lucene-search
version/jenkins lucene-search/387.v938a_ecb_f7fe9
package-manager/maven

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.