7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50767

GHSA ID

GHSA-9vrm-747r-668v

EPSS Score

0.33591%

CWE

CWE-862

Published

12/13/2023

Updated

12/18/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-50767

CVE-2023-50767: Jenkins Nexus Platform Plugin missing permission check

Jenkins Nexus Platform Plugin 3.18.0-03 and earlier does not perform permission checks in methods implementing form validation.

This allows attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.

Additionally, the plugin does not configure its XML parser to prevent XML external entity (XXE) attacks, so attackers can have Jenkins parse a crafted XML response that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

Additionally, these form validation methods do not require POST requests, resulting in a cross-site request forgery (CSRF) vulnerability.

Nexus Platform Plugin 3.18.1-01 configures its XML parser to prevent XML external entity (XXE) attacks.

Additionally, POST requests and Overall/Administer permission are required for the affected HTTP endpoints.

(GitHub Advisory)

7.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-50767

GHSA ID

GHSA-9vrm-747r-668v

EPSS Score

0.33591%

CWE

CWE-862

Published

12/13/2023

Updated

12/18/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.sonatype.nexus.ci:nexus-jenkins-plugin	maven	< 3.18.1-01	3.18.1-01

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows these methods were modified to add @POST annotations and Jenkins.ADMINISTER permission checks. The vulnerability description explicitly states that form validation methods lacked authorization checks and CSRF protection. Each identified function: 1) Implements form validation 2) Was missing required permission checks in vulnerable versions 3) Allowed GET requests (fixed by adding @POST). The XXE vulnerability stems from XML parsing in these endpoints without proper parser configuration, which was fixed by updating the nexus-platform-api dependency in pom.xml.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins N*xus Pl*t*orm Plu*in *.**.*-** *n* **rli*r *o*s not p*r*orm p*rmission ****ks in m*t*o*s impl*m*ntin* *orm v*li**tion. T*is *llows *tt**k*rs wit* Ov*r*ll/R*** p*rmission to s*n* *n *TTP r*qu*st to *n *tt**k*r-sp**i*i** URL *n* p*rs* t** r*s

Reasoning

T** *ommit *i** s*ows t**s* m*t*o*s w*r* mo*i*i** to *** @POST *nnot*tions *n* J*nkins.**MINIST*R p*rmission ****ks. T** vuln*r**ility **s*ription *xpli*itly st*t*s t**t *orm v*li**tion m*t*o*s l**k** *ut*oriz*tion ****ks *n* *SR* prot**tion. **** i*

7.1

Basic Information

Concerned about an active attack path?

CVE-2023-50767: Jenkins Nexus Platform Plugin missing permission check

7.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI