Description
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.
Published: 2023-04-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-1308 Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.
Github GHSA Github GHSA GHSA-gh5w-gffh-68pr Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
History

Fri, 07 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Jenkins Lucene-search
cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published:

Updated: 2025-02-07T18:16:36.998Z

Reserved: 2023-04-12T08:40:40.605Z

Link: CVE-2023-30529

cve-icon Vulnrichment

Updated: 2024-08-02T14:28:51.266Z

cve-icon NVD

Status : Modified

Published: 2023-04-12T18:15:12.197

Modified: 2025-02-07T19:15:24.007

Link: CVE-2023-30529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses