Vulnerability Details CVE-2023-30521
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2023-30521
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:-
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.1
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.11
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.12
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.13
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.3
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.4
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.6
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.7
-
cpe:2.3:a:jenkins:assembla_merge_request_builder:1.1.9