Jenkins BP: Permission check missing in Benchmark Evaluator 1.0.1- (CVE-2023-37963)
CVE-2023-37963 Published on July 12, 2023

A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.

Vendor Advisory NVD

Products Associated with CVE-2023-37963

Want to know whenever a new CVE is published for Jenkins Benchmark Evaluator? stack.watch will email you.

Jenkins Benchmark Evaluator

Affected Versions

Jenkins Project Jenkins Benchmark Evaluator Plugin:

Before and including 1.0.1 is affected.

Exploit Probability

EPSS

0.10%

Percentile

26.47%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins BP: Permission check missing in Benchmark Evaluator 1.0.1- (CVE-2023-37963)CVE-2023-37963 Published on July 12, 2023

Products Associated with CVE-2023-37963

Affected Versions

Exploit Probability

Jenkins BP: Permission check missing in Benchmark Evaluator 1.0.1- (CVE-2023-37963)
CVE-2023-37963 Published on July 12, 2023