Vulnerability Details CVE-2023-50764
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.5%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2023-50764
-
cpe:2.3:a:jenkins:scriptler:-
-
cpe:2.3:a:jenkins:scriptler:3.1
-
cpe:2.3:a:jenkins:scriptler:3.2
-
cpe:2.3:a:jenkins:scriptler:3.3
-
cpe:2.3:a:jenkins:scriptler:3.4
-
cpe:2.3:a:jenkins:scriptler:3.5
-
cpe:2.3:a:jenkins:scriptler:342.v6a_89fd40f466