CVE-2023-50764
Description
Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier allow attackers with Scriptler/Configure permission to delete arbitrary files via an unrestricted file name parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Description
The Jenkins Scriptler Plugin, versions 342.v6a_89fd40f466 and earlier, contains a vulnerability in an HTTP endpoint that does not properly restrict a file name query parameter. This allows an attacker who has the Scriptler/Configure permission to specify any file path on the Jenkins controller file system for deletion, leading to arbitrary file deletion [1][2].
Exploitation
An attacker needs the Scriptler/Configure permission to exploit this vulnerability. The endpoint does not validate that the file being deleted resides within an expected directory, enabling path traversal attacks. No additional authentication is required beyond the initial permission check for the endpoint [1].
Impact
Successful exploitation allows the attacker to delete arbitrary files on the Jenkins controller server. This could result in data loss, disruption of service, or potentially a denial of service if critical system files are removed [1][2].
Mitigation
The vulnerability is fixed in Scriptler Plugin version 344.v5a_ddb_5f9e685. Users should upgrade to this version or later, which adds a check ensuring that the file to be deleted is located within the intended directory [1][2].
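The containment check the fix adds, shown as an added Python example (not the plugin's own Java code): the unrestricted join on the left side of the comparison is the vulnerable shape, and `contained_target` is one way to keep deletion inside a single directory. The scripts directory path and the file names are assumed values constructed for the demonstration.

```python
import os
from pathlib import Path

# Assumed base directory for the demonstration; not taken from the advisory.
SCRIPTS_DIR = "/var/lib/jenkins/scriptler/scripts"


def unrestricted_target(base_dir: str, name: str) -> str:
    """Vulnerable shape: the request parameter is joined to the base directory
    with no check. '..' segments walk out of it, and an absolute name makes
    os.path.join discard base_dir entirely."""
    return os.path.join(base_dir, name)


def contained_target(base_dir: str, name: str):
    """Hardened shape: canonicalize both paths (resolves '..' and symlinks),
    then require the candidate to be a strict descendant of the base.
    Path.relative_to() compares whole components, so a sibling directory such
    as base_dir + '-old' is rejected where a string-prefix test would pass it.
    Returns the canonical Path, or None when the name would leave the directory."""
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if candidate == base:
        return None  # never the scripts directory itself
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def delete_script(base_dir: str, name: str) -> bool:
    """Delete only when the containment check passes and the target is a file."""
    target = contained_target(base_dir, name)
    if target is None or not target.is_file():
        return False
    target.unlink()
    return True


if __name__ == "__main__":
    # Constructed parameter values: one legitimate name and three that escape.
    for name in ["hello.groovy", "../../config.xml", "/etc/passwd", "../scripts-old/x.groovy"]:
        print(f"{name!r:28} join  -> {unrestricted_target(SCRIPTS_DIR, name)}")
        print(f"{'':28} check -> {contained_target(SCRIPTS_DIR, name)}")
```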
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.jenkins-ci.plugins:scriptler | Maven | <= 342.v6a_89fd40f466 | — |
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-xcrr-x93h-rv4v (advisory, via GHSA)
- nvd.nist.gov/vuln/detail/CVE-2023-50764 (advisory, via GHSA)
- www.jenkins.io/security/advisory/2023-12-13/ (vendor advisory, via GHSA)
- www.openwall.com/lists/oss-security/2023/12/13/4 (web, via GHSA)
News mentions
- Jenkins Security Advisory 2023-12-13, Jenkins Security Advisories, Dec 13, 2023