
CVE-2023-50765:
Missing permission check in Jenkins Scriptler Plugin

CVSS Score (v3.1): 4.3

Basic Information

EPSS Score: 0.16017%
Published: 12/13/2023
Updated: 12/18/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Package Name: org.jenkins-ci.plugins:scriptler
Ecosystem: maven
Vulnerable Versions: <= 342.v6a
First Patched Version:

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the unpatched `doShowScript` method, which served script-content requests without verifying whether the requesting user held an appropriate permission. The commit diff shows permission checks (`hasAnyPermission` and `checkPermission` calls) being added to this method, confirming that the original version lacked these controls. The CWE-862 (Missing Authorization) classification and the advisory description both match this missing-authorization pattern.
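As an added illustration (not the Scriptler plugin's own code), the unchecked Stapler web-method pattern described above is shown beside a hardened version that performs the permission check before touching the script. The `ScriptStore` class, its in-memory map, and the choice of `Jenkins.ADMINISTER` as the required permission are assumptions; the real plugin may gate on a narrower permission.

```java
import hudson.security.Permission;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class used only to demonstrate the CWE-862 pattern.
public class ScriptStore {

    // Constructed sample data standing in for stored Groovy scripts keyed by ID.
    private final Map<String, String> scripts = new HashMap<>();

    public ScriptStore() {
        scripts.put("cleanup", "println 'hypothetical script body'");
    }

    // Vulnerable pattern: the method is reachable by anyone who can browse to the URL,
    // i.e. any user with Overall/Read, and returns the script body without any
    // authorization check. This is the behaviour the root-cause analysis describes.
    public void doShowScriptUnchecked(StaplerRequest req, StaplerResponse rsp,
                                      @QueryParameter String id) throws IOException {
        rsp.setContentType("text/plain;charset=UTF-8");
        rsp.getWriter().write(scripts.getOrDefault(id, ""));
    }

    // Hardened pattern: check permission first. checkPermission throws an
    // AccessDeniedException (rendered by Jenkins as HTTP 403) when the caller lacks it,
    // so the script lookup below is never reached for unauthorized users.
    public void doShowScript(StaplerRequest req, StaplerResponse rsp,
                             @QueryParameter String id) throws IOException {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);   // assumption: ADMINISTER is the gate
        String body = scripts.get(id);
        if (body == null) {
            throw HttpResponses.notFound();                  // do not disclose via a different path
        }
        rsp.setContentType("text/plain;charset=UTF-8");
        rsp.getWriter().write(body);
    }

    // Variant for UI code that only needs a yes/no answer, e.g. to hide a link:
    // hasAnyPermission accepts several permissions and returns true if any is held.
    public boolean canViewScripts(Permission... allowed) {
        return Jenkins.get().hasAnyPermission(allowed);
    }
}
```

A regression test for the hardened form would authenticate as a user holding only Overall/Read and assert that `doShowScript` yields a 403 rather than the script body.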


WAF Protection Rules

WAF Rule

- Missing permission check in Jenkins Scriptler Plugin ***.v**_********** and earlier allows attackers with Overall/Read permission to read the contents of a Groovy script by knowing its ID.
