CVE-2023-50774: 
Java vulnerability analysis and mitigation

A cross-site request forgery (CSRF) vulnerability was discovered in Jenkins HTMLResource Plugin versions 1.02 and earlier, identified as CVE-2023-50774. The vulnerability was disclosed on December 13, 2023, and affects the Jenkins automation server's HTMLResource Plugin component (Jenkins Advisory, NVD).

The vulnerability stems from the plugin's failure to require POST requests for an HTTP endpoint. This security flaw has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H, indicating a high severity issue that can be exploited remotely (NVD).

When successfully exploited, this vulnerability allows attackers to delete arbitrary files on the Jenkins controller file system. The high severity rating reflects the potential for significant impact on system integrity and availability (Jenkins Advisory).

As of the advisory's publication date, there is no fix available for this vulnerability. Users of HTMLResource Plugin version 1.02 and earlier should be aware of the risk and consider implementing additional security controls to protect their Jenkins installations (Jenkins Advisory).

The vulnerability was discovered and reported by Andrea Chiera from CloudBees, Inc., highlighting the ongoing security research efforts within the Jenkins ecosystem (Jenkins Advisory).