CVE-2023-50764

Summary

Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Scriptler Plugin0 <= 342.v6a_89fd40f466affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References