Vulnerability Description
A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Matlab | < 2.11.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2023/11/29/1Mailing List
- https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193Issue TrackingVendor Advisory
- http://www.openwall.com/lists/oss-security/2023/11/29/1Mailing List
- https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193Issue TrackingVendor Advisory
FAQ
What is CVE-2023-49655?
CVE-2023-49655 is a vulnerability with a CVSS score of 8.8 (HIGH). A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Plugin 2.11.0 and earlier allows attackers to have Jenkins parse an XML file from the Jenkins controller file system.
How severe is CVE-2023-49655?
CVE-2023-49655 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-49655?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Matlab.