CVE-2023-50769: 
Java vulnerability analysis and mitigation

CVE-2023-50769 is a security vulnerability discovered in Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier, disclosed on December 13, 2023. The vulnerability stems from missing permission checks in methods implementing form validation, affecting the plugin's security controls (Jenkins Advisory, NVD).

The vulnerability is classified as Medium severity with a CVSS v3.1 base score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). The issue stems from insufficient permission checks in form validation methods, which allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs that were obtained through another method (NVD).

The vulnerability allows attackers with Overall/Read permission to potentially capture credentials stored in Jenkins by connecting to an attacker-specified HTTP server using credential IDs obtained through other means. This could lead to unauthorized access to sensitive credential information stored in the Jenkins system (Jenkins Advisory).

The vulnerability has been fixed in Nexus Platform Plugin version 3.18.1-01, which now requires POST requests and Overall/Administer permission for the affected form validation methods. Users are advised to upgrade to this version. However, it's noted that the Nexus Platform Plugin is not currently distributed by the Jenkins Project due to licensing issues. The fixed version can be downloaded from the Sonatype website (Jenkins Advisory).