Nexus Platform

nexus_platform

Vendor: Jenkins • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-50769 1Jenkins 1Nexus Platform Jun 17, 2026 Dec 13, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtai...Show more Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2023-50768 1Jenkins 1Nexus Platform Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained...Show more A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.Show less
CVE-2023-50767 1Jenkins 1Nexus Platform Jun 17, 2026 Dec 13, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML.
CVE-2023-50766 1Jenkins 1Nexus Platform Jun 17, 2026 Dec 13, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML.