Vulnerabilities > CVE-2023-50764 - Unspecified vulnerability in Jenkins Scriptler

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

jenkins

NVD

Published: 2023-12-13

Updated: 2023-12-18

Summary

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Scriptler - Jenkins Scriptler 3.1 Jenkins Scriptler 3.2 Jenkins Scriptler 3.3 Jenkins Scriptler 3.4 Jenkins Scriptler 3.5 Jenkins Scriptler 342.V6A_89Fd40F466	7

References

https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3205
http://www.openwall.com/lists/oss-security/2023/12/13/4