{"id":"CVE-2023-50768","details":"A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.","aliases":["GHSA-phjq-7xqp-2526"],"modified":"2026-04-12T08:24:07.395339Z","published":"2023-12-13T18:15:43.943Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-12-13/#SECURITY-3203"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/12/13/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/nexus-platform-plugin","events":[{"introduced":"0"},{"last_affected":"ed204271174ae13397e12ee5146dfbc29a8ca9a3"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"3.18.0-03"}],"cpe":"cpe:2.3:a:jenkins:nexus_platform:*:*:*:*:*:jenkins:*:*","source":"CPE_FIELD"}}],"versions":["3.13.398.v0b_eb_22e7a_122","3.14.401.v1311ea_023ce5","3.14.403.v07c2f1f96d60","3.14.405.v74e19a_0b_1a_1a_","3.14.407.v9d113b_445204","3.14.412.v8021dc9cc4ef","3.14.415.v4605773547f3","3.14.418.v7a_687b_6a_4c1d","3.14.424.v8290b_b_ec62cb_","3.14.431.v37ca_dc788b_b_1","3.15.438.vf87a_0dc45166","3.16.444.v52b_e5e2db_503","3.16.449.v50228c7ca_222","3.16.453.v39a_b_a_0401562","3.16.455.vd5654e1c14b_a_","3.16.459.vcdf273b_29f8c","3.16.465.ve8709b_fa_df42","3.16.471.v2dcf088efb_7f","3.16.474.vb_0cdf4908780","3.16.476.v410d6968f400","3.16.478.v41ee37380162","3.16.481.ved9f5106e132","3.16.485.ve2c3a_17ec407","3.16.487.v5d4d3b_6942ee","3.16.489.v7cf06846a_c96","3.16.491.v77a_2f8921c88","3.16.497.vd8491dd15a_8d","3.16.501.ve3d6b_58f1d37","3.16.503.vb_a_7b_10f1c4cf","3.16.506.v3e10c22ddc08","3.16.508.vfc408b_9601f0","3.16.510.v4d23e22cf563","3.17.514.va_6dfca_8a_f7a_c","3.17.518.v9cb_3ff833922","nexus-jenkins-plugin-3.11.20210716-075132.3b66565","release-1.0.0-02","release-1.0.1-01","release-1.0.2-02","release-1.1.0-05","release-3.18.0-02","release-3.18.0-03"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50768.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}