CVE-2023-37949

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jul 12, 2023

Updated: Jul 20, 2023

CWE ID 862

Summary

CVE-2023-37949 is a vulnerability affecting the Jenkins Orka plugin by MacStadium, versions 1.33 and older. The issue involves a missing permission check that allows users with Overall/Read access to connect to unauthorized URLs using attacker-provided credentials. This vulnerability exposes Jenkins-stored credentials to potential attackers who have obtained the necessary IDs through other means.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r94wV3
https://www.cve.org/CVERecord?id=CVE-2023-37949
https://nvd.nist.gov/vuln/detail/CVE-2023-37949

Back to Vulnerability Database

CVE-2023-37949

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations