CVE-2023-50766
- Source
- https://cve.org/CVERecord?id=CVE-2023-50766
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50766.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-50766
- Aliases
- Published
- 2023-12-13T18:15:43.840Z
- Modified
- 2025-11-15T07:04:05.211826Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.
- References
Affected packages
Git / github.com/jenkinsci/nexus-platform-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/nexus-platform-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
3.*
3.13.398.v0b_eb_22e7a_122
3.14.401.v1311ea_023ce5
3.14.403.v07c2f1f96d60
3.14.405.v74e19a_0b_1a_1a_
3.14.407.v9d113b_445204
3.14.412.v8021dc9cc4ef
3.14.415.v4605773547f3
3.14.418.v7a_687b_6a_4c1d
3.14.424.v8290b_b_ec62cb_
3.14.431.v37ca_dc788b_b_1
3.15.438.vf87a_0dc45166
3.16.444.v52b_e5e2db_503
3.16.449.v50228c7ca_222
3.16.453.v39a_b_a_0401562
3.16.455.vd5654e1c14b_a_
3.16.459.vcdf273b_29f8c
3.16.465.ve8709b_fa_df42
3.16.471.v2dcf088efb_7f
3.16.474.vb_0cdf4908780
3.16.476.v410d6968f400
3.16.478.v41ee37380162
3.16.481.ved9f5106e132
3.16.485.ve2c3a_17ec407
3.16.487.v5d4d3b_6942ee
3.16.489.v7cf06846a_c96
3.16.491.v77a_2f8921c88
3.16.497.vd8491dd15a_8d
3.16.501.ve3d6b_58f1d37
3.16.503.vb_a_7b_10f1c4cf
3.16.506.v3e10c22ddc08
3.16.508.vfc408b_9601f0
3.16.510.v4d23e22cf563
3.17.514.va_6dfca_8a_f7a_c
3.17.518.v9cb_3ff833922
nexus-jenkins-plugin-3.*
nexus-jenkins-plugin-3.11.20210716-075132.3b66565
release-1.*
release-1.0.0-02
release-1.0.1-01
release-1.0.2-02
release-1.1.0-05
release-3.*
release-3.18.0-02
release-3.18.0-03