CVE-2023-49655
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-49655 is a cross-site request forgery (CSRF) vulnerability affecting the Jenkins MATLAB Plugin, versions 2.11.0 and earlier. This issue enables attackers to manipulate Jenkins into parsing an XML file from the Jenkins controller file system, potentially leading to unauthorized access or data modification. The vulnerability occurs due to insufficient input validation, allowing attackers to inject malicious XML files through user requests. System administrators are advised to upgrade to the latest plugin version or implement additional security measures, such as CSRF tokens, to mitigate this threat.