First published: Wed Nov 29 2023(Updated: )
Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins parse an XML file from the Jenkins controller file system.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
Affected Software | Affected Version | How to fix |
---|---|---|
Jenkins Matlab | <2.11.1 | |
maven/org.jenkins-ci.plugins:matlab | <2.11.1 | 2.11.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2023-49654.
The title of this vulnerability is 'Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier allow attackers to have Jenkins controller execute arbitrary code.'
CVE-2023-49654 has a severity rating of 7.1 (high).
Attackers can exploit this vulnerability by manipulating the user-specified directory on the Jenkins controller and executing arbitrary code.
To fix CVE-2023-49654, update the Jenkins MATLAB Plugin to version 2.11.1 or later.