CVE-2023-37960

Summary

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins MathWorks Polyspace Plugin0 <= 1.0.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References