Lucene search
HistoryApr 12, 2023 - 6:15 p.m.
CVE-2023-30529
cve-2023-30529
jenkins
lucene-search plugin
database reindexing
nvd
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database.
Affected configurations
Node
jenkinslucene-searchRange≤387.v938a_ecb_f7fe9jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:lucene-search | jenkins lucene-search | le | 387.v938a_ecb_f7fe9 |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins Lucene-Search Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "387.v938a_ecb_f7fe9",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
prion
prion
Code injection
2023-04-12 18:15:00
cvelist
cvelist
CVE-2023-30529
2023-04-12 17:05:17
alpinelinux
alpinelinux
CVE-2023-30529
2023-04-12 18:15:12
osv
osv
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
2023-04-12 18:30:36
nvd
nvd
CVE-2023-30529
2023-04-12 18:15:12
github
github
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
2023-04-12 18:30:36
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
Related for CVE-2023-30529