VYPR
Moderate severity · NVD Advisory · Published Dec 13, 2023 · Updated May 22, 2025

CVE-2023-50768

Description

A CSRF vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-controlled HTTP server using credentials obtained via other means, capturing stored credentials.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Overview

A cross-site request forgery (CSRF) vulnerability exists in the Jenkins Nexus Platform Plugin, versions 3.18.0-03 and earlier. The plugin does not require HTTP POST for endpoints that perform state-changing operations, so an attacker can craft a web page that, when visited by an authenticated Jenkins user, makes that user's browser issue the request and execute unintended actions [1][2]. The vulnerability is tracked as CVE-2023-50768; NVD has not yet finalized a CVSS score, and Jenkins rates it as Medium severity [1][3].

Exploitation

Details

An attacker who knows a valid credentials ID (obtained through another vulnerability or method) can use this CSRF flaw to make Jenkins connect to an attacker-specified HTTP server. The attacker needs no Jenkins permissions of their own; the request is issued by the browser of an authenticated Jenkins administrator who opens a crafted link [1][3]. The root cause is the absence of CSRF protection on the plugin's sensitive form-validation endpoints (the doCheck* and doVerifyCredentials methods), which accepted GET requests and performed no permission check; the fix commit adds @POST annotations and permission checks to exactly these methods [4].

Impact

Successful exploitation allows the attacker to exfiltrate credentials stored in Jenkins by connecting to a malicious server under their control. The attacker-supplied credentials ID must be obtained through a separate method, such as another vulnerability, but once obtained, this CSRF enables credential theft [1][3].

Mitigation

A fix was released in Nexus Platform Plugin version 3.18.1-01, which adds proper CSRF protection by ensuring state-changing endpoints require POST requests and appropriate permission checks [1][4]. Users are strongly advised to upgrade to this version or later. No workarounds are documented.
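As an added example (not code from the Nexus Platform Plugin or from the fix commit), the following Python script performs the static check a plugin maintainer or reviewer would want for this defect class: it scans Groovy/Java source for Stapler `do*` web methods and flags any that lack a `@POST`/`@RequirePOST` annotation directly above the declaration or a `checkPermission(...)` call inside the body. The `ExampleConfiguration` class and its three methods are a constructed sample modelled on the shape of the fix, not the plugin's real code; the parser assumes the brace style used there and Unix line endings.

```python
"""Audit Jenkins plugin sources for Stapler web methods missing CSRF/permission guards.

Added example, not part of the Nexus Platform Plugin. Stapler routes HTTP requests to
methods named do<Something>; form-validation methods (doCheck*, doVerify*, ...) are
reachable by anyone who can load the form, so each should carry @POST (or
@RequirePOST) and call checkPermission(...) before touching server URLs or credentials.
"""
import re
from dataclasses import dataclass

# A method declaration whose name starts with "do": optional modifiers, a return type
# (or Groovy's "def"), then do<Capital>...(   -- a "return doX(...)" call is excluded.
METHOD_RE = re.compile(
    r"^\s*(?:(?:public|protected|private|static|final|synchronized|abstract)\s+)*"
    r"(?!return\b|new\b)[\w.<>\[\]]+\s+(do[A-Z]\w*)\s*\("
)
ANNOTATION_RE = re.compile(r"^\s*@(\w+)")
POST_ANNOTATIONS = {"POST", "RequirePOST"}
PERMISSION_RE = re.compile(r"\bcheckPermission\s*\(")

# Constructed sample (hypothetical class and method names): one unguarded method,
# one with @POST only, and one guarded the way the CVE-2023-50768 fix guards them.
SAMPLE_SOURCE = """\
class ExampleConfiguration implements Describable<ExampleConfiguration> {

    FormValidation doCheckServerUrl(@QueryParameter String value) {
        return FormUtil.validateUrl(value)
    }

    @POST
    FormValidation doCheckId(@QueryParameter String value, @QueryParameter String internalId) {
        return FormUtil.validateNotEmpty(value, 'ID is required')
    }

    @SuppressWarnings('unused')
    @POST
    FormValidation doVerifyCredentials(
        @QueryParameter String serverUrl,
        @QueryParameter String credentialsId) throws IOException
    {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER)
        return Util.verifyJobCredentials(serverUrl, credentialsId, Jenkins.instance)
    }
}
"""


@dataclass
class Finding:
    method: str
    line: int                 # 1-based line of the declaration
    missing_post: bool        # no @POST / @RequirePOST directly above the method
    missing_permission: bool  # no checkPermission(...) anywhere in the body

    @property
    def ok(self) -> bool:
        return not (self.missing_post or self.missing_permission)


def _annotations_above(lines: list, idx: int) -> set:
    """Collect annotation names on the lines immediately preceding lines[idx]."""
    names, i = set(), idx - 1
    while i >= 0:
        m = ANNOTATION_RE.match(lines[i])
        if not m:
            break
        names.add(m.group(1))
        i -= 1
    return names


def _method_body(text: str, sig_start: int) -> str:
    """Return the brace-delimited body of the method whose signature starts at sig_start."""
    i = text.index("(", sig_start)
    depth = 0
    while i < len(text):  # skip the parameter list, honouring parentheses in annotations
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                break
        i += 1
    open_brace = text.find("{", i)
    if depth != 0 or open_brace == -1 or ";" in text[i:open_brace]:
        return ""  # abstract/interface declaration: nothing to inspect
    depth = 0
    for j in range(open_brace, len(text)):
        if text[j] == "{":
            depth += 1
        elif text[j] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace:j + 1]
    return text[open_brace:]  # unterminated body: inspect what is there


def audit(source: str) -> list:
    """Find every do* web method in Groovy/Java source and report its guard status."""
    lines = source.split("\n")
    offsets, pos = [], 0
    for ln in lines:           # byte offset of each line, so bodies can be sliced
        offsets.append(pos)
        pos += len(ln) + 1
    findings = []
    for idx, line in enumerate(lines):
        m = METHOD_RE.match(line)
        if not m:
            continue
        annotations = _annotations_above(lines, idx)
        body = _method_body(source, offsets[idx])
        findings.append(Finding(
            method=m.group(1),
            line=idx + 1,
            missing_post=not (annotations & POST_ANNOTATIONS),
            missing_permission=PERMISSION_RE.search(body) is None,
        ))
    return findings


def report(findings: list) -> list:
    """One human-readable line per finding."""
    out = []
    for f in findings:
        problems = []
        if f.missing_post:
            problems.append("no @POST")
        if f.missing_permission:
            problems.append("no checkPermission")
        status = "guarded" if f.ok else "unguarded (" + ", ".join(problems) + ")"
        out.append(f"line {f.line}: {f.method}: {status}")
    return out


if __name__ == "__main__":
    for entry in report(audit(SAMPLE_SOURCE)):
        print(entry)
```

Run against a plugin's `src/main` tree, the script gives a quick list of `do*` endpoints to review by hand; it is a triage aid, not proof of safety, since a method may legitimately be read-only or delegate its permission check to a helper the regex does not see.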

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                              Affected versions   Patched versions
org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven)   < 3.18.1-01         3.18.1-01

Affected products: 2

Patches: 1

Commit 1d5e1e9e457a

Add protection from CSRF (#291)

4 files changed · +20 −1
  • pom.xml (+1 −1, modified)
    @@ -85,7 +85,7 @@
         <enforcer.skip>true</enforcer.skip> <!-- TODO numerous requireUpperBoundDeps, some probably indicative of real problems -->
         <jvnet-localizer-plugin.version>1.23</jvnet-localizer-plugin.version>
         <forkCount>1</forkCount>
    -    <nexus-platform-api.version>4.3.1-01</nexus-platform-api.version>
    +    <nexus-platform-api.version>4.3.2-01</nexus-platform-api.version>
     
         <buildsupport.version>36</buildsupport.version>
         <buildsupport.license-maven-plugin.version>4.1</buildsupport.license-maven-plugin.version>
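Review bot: the nexus-platform-api.version bump from 4.3.1-01 to 4.3.2-01 in this hunk is unrelated to the CSRF hardening named in the commit message "Add protection from CSRF (#291)"; either state in the commit message why the dependency update is required by this fix or split it into its own commit, so the security change stays reviewable on its own.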
    
  • src/main/java/org/sonatype/nexus/ci/config/NxiqConfiguration.groovy (+9 −0, modified)
    @@ -24,6 +24,7 @@ import hudson.util.ListBoxModel
     import jenkins.model.Jenkins
     import org.kohsuke.stapler.DataBoundConstructor
     import org.kohsuke.stapler.QueryParameter
    +import org.kohsuke.stapler.verb.POST
     
     class NxiqConfiguration
         implements Describable<NxiqConfiguration>
    @@ -83,7 +84,9 @@ class NxiqConfiguration
           Messages.NxiqConfiguration_DisplayName()
         }
     
    +    @POST
         FormValidation doCheckDisplayName(@QueryParameter String value, @QueryParameter String internalId) {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
           def globalConfigurations = GlobalNexusConfiguration.globalNexusConfiguration
           for (NxiqConfiguration config : globalConfigurations.iqConfigs) {
             if (config.internalId != internalId && config.displayName == value) {
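Review bot: @POST on doCheckDisplayName only takes effect if the form field's validation request is actually sent as POST, and this change touches no Jelly view; verify the corresponding field uses checkMethod="post" on its validation URL, otherwise the validation quietly stops working for legitimate administrators. The Jenkins.ADMINISTER check sits before globalNexusConfiguration is read, which is the right order.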
    @@ -93,7 +96,9 @@ class NxiqConfiguration
           return FormUtil.validateNotEmpty(value, 'Display Name is required')
         }
     
    +    @POST
         FormValidation doCheckId(@QueryParameter String value, @QueryParameter String internalId) {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
           def globalConfigurations = GlobalNexusConfiguration.globalNexusConfiguration
           for (NxiqConfiguration config : globalConfigurations.iqConfigs) {
             if (config.internalId != internalId && config.id == value) {
    @@ -108,7 +113,9 @@ class NxiqConfiguration
         }
     
         @SuppressWarnings('unused')
    +    @POST
         FormValidation doCheckServerUrl(@QueryParameter String value) {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
           def validation = FormUtil.validateUrl(value)
           if (validation.kind == Kind.OK) {
             validation = FormUtil.validateNotEmpty(value, Messages.Configuration_ServerUrlRequired())
    @@ -123,10 +130,12 @@ class NxiqConfiguration
         }
     
         @SuppressWarnings('unused')
    +    @POST
         FormValidation doVerifyCredentials(
             @QueryParameter String serverUrl,
             @QueryParameter String credentialsId) throws IOException
         {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
           return IqUtil.verifyJobCredentials(serverUrl, credentialsId, Jenkins.instance)
         }
       }
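Review bot: this hunk closes the credential-capture path from the advisory: doVerifyCredentials takes a credentialsId and a serverUrl and sends the resolved credentials to that URL, so without @POST plus the ADMINISTER check a crafted page could make an administrator's browser drive that request to an attacker-chosen server. Two small points: the next line still passes Jenkins.instance to IqUtil.verifyJobCredentials while the new guard uses Jenkins.get(), pick one; and the guard lives only in this method, so a test that calls the endpoint with GET and as a non-administrator would keep the protection from regressing.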
    
  • src/main/java/org/sonatype/nexus/ci/config/Nxrm2Configuration.groovy (+5 −0, modified)
    @@ -18,8 +18,10 @@ import org.sonatype.nexus.ci.config.NxrmConfiguration.NxrmDescriptor
     
     import hudson.Extension
     import hudson.util.FormValidation
    +import jenkins.model.Jenkins
     import org.kohsuke.stapler.DataBoundConstructor
     import org.kohsuke.stapler.QueryParameter
    +import org.kohsuke.stapler.verb.POST
     
     import static hudson.util.FormValidation.error
     import static hudson.util.FormValidation.ok
    @@ -58,9 +60,12 @@ class Nxrm2Configuration
         }
     
         @Override
    +    @POST
         FormValidation doVerifyCredentials(@QueryParameter String serverUrl, @QueryParameter String credentialsId)
             throws IOException
         {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
    +
           try {
             def repositories = getApplicableRepositories(serverUrl, credentialsId)
     
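Review bot: the permission check is correctly placed before the `try {` on the following line; had it been placed inside the try, a catch clause that converts failures into a FormValidation result would swallow the AccessDeniedException and return a validation message instead of refusing the request. The extra blank line after the check is harmless but differs from NxiqConfiguration in the same commit, where none was added.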
    
  • src/main/java/org/sonatype/nexus/ci/config/Nxrm3Configuration.groovy (+5 −0, modified)
    @@ -17,8 +17,10 @@ import com.sonatype.nexus.api.exception.RepositoryManagerException
     import groovy.util.logging.Log
     import hudson.Extension
     import hudson.util.FormValidation
    +import jenkins.model.Jenkins
     import org.kohsuke.stapler.DataBoundConstructor
     import org.kohsuke.stapler.QueryParameter
    +import org.kohsuke.stapler.verb.POST
     
     import static hudson.util.FormValidation.error
     import static hudson.util.FormValidation.ok
    @@ -80,9 +82,12 @@ class Nxrm3Configuration
         }
     
         @Override
    +    @POST
         FormValidation doVerifyCredentials(@QueryParameter String serverUrl, @QueryParameter String credentialsId)
             throws IOException
         {
    +      Jenkins.get().checkPermission(Jenkins.ADMINISTER)
    +
           def repositories
           def badVersionMsg = ''
     
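Review bot: doVerifyCredentials is an @Override of the declaration in NxrmDescriptor, which this diff does not touch; Java does not carry method annotations over to overriding methods, so every overriding descriptor must carry its own @POST, as Nxrm2Configuration and Nxrm3Configuration now do. A test that drives each descriptor's endpoint with GET and as a non-administrator is the reliable way to keep a future subclass from silently reopening the endpoint.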
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 6

News mentions: 1