7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49656

GHSA ID

GHSA-82q9-88m2-4v68

EPSS Score

0.08415%

CWE

CWE-611

Published

11/29/2023

Updated

12/5/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49656

CVE-2023-49656: Jenkins MATLAB Plugin XML External Entity vulnerability

Jenkins MATLAB Plugin determines whether a user-specified directory on the Jenkins controller is the location of a MATLAB installation by parsing an XML file in that directory.

MATLAB Plugin 2.11.0 and earlier does not perform permission checks in several HTTP endpoints implementing related form validation.

Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Additionally, the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to create files on the Jenkins controller file system to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

MATLAB Plugin 2.11.1 configures its XML parser to prevent XML external entity (XXE) attacks.

Additionally, POST requests and Item/Configure permission are required for the affected HTTP endpoints.

(GitHub Advisory)

7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49656

GHSA ID

GHSA-82q9-88m2-4v68

EPSS Score

0.08415%

CWE

CWE-611

Published

11/29/2023

Updated

12/5/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:matlab	maven	< 2.11.1	2.11.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability manifests in two core components: 1) HTTP endpoints handling form validation without security controls, and 2) XML parsing without XXE protections. Jenkins plugin patterns indicate form validation is typically handled by doCheck methods in DescriptorImpl classes. The advisory explicitly mentions missing permission checks and CSRF protections in these endpoints. For XXE, the XML parsing function that checks MATLAB installations would be the logical location for insecure DocumentBuilderFactory usage, as this is the primary XML processing described in the vulnerability description. Both locations are directly mentioned in the advisory as root causes for different aspects of the vulnerability (CWE-611 for XXE, and CSRF/missing auth checks for the endpoints).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins M*TL** Plu*in **t*rmin*s w**t**r * us*r-sp**i*i** *ir**tory on t** J*nkins *ontroll*r is t** lo**tion o* * M*TL** inst*ll*tion *y p*rsin* *n XML *il* in t**t *ir**tory. M*TL** Plu*in *.**.* *n* **rli*r *o*s not p*r*orm p*rmission ****ks in s

Reasoning

T** vuln*r**ility m*ni**sts in two *or* *ompon*nts: *) *TTP *n*points **n*lin* *orm v*li**tion wit*out s**urity *ontrols, *n* *) XML p*rsin* wit*out XX* prot**tions. J*nkins plu*in p*tt*rns in*i**t* *orm v*li**tion is typi**lly **n*l** *y `*o****k` m

7.1

Basic Information

Concerned about an active attack path?

CVE-2023-49656: Jenkins MATLAB Plugin XML External Entity vulnerability

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI