CVE-2023-37959

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 12, 2023

Updated: Jul 20, 2023

CWE ID 862

Summary

CVE-2023-37959 is a vulnerability affecting the Jenkins Sumologic Publisher Plugin version 2.2.1 and earlier. This issue involves a missing permission check, allowing users with Overall/Read access to connect to URLs controlled by attackers, potentially resulting in unauthorized data transfer. This vulnerability could pose a risk to organizations using the Jenkins Sumologic Publisher Plugin, and it is recommended that users update to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r94wWL
https://www.cve.org/CVERecord?id=CVE-2023-37959
https://nvd.nist.gov/vuln/detail/CVE-2023-37959

Back to Vulnerability Database

CVE-2023-37959

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations