CVE-2023-50778: 
Java vulnerability analysis and mitigation

A cross-site request forgery (CSRF) vulnerability has been identified in Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier, tracked as CVE-2023-50778. The vulnerability was discovered by Andrea Chiera from CloudBees, Inc. and was publicly disclosed on December 13, 2023. This security issue affects the Jenkins PaaSLane Estimate Plugin, a component used in the Jenkins automation server (Jenkins Advisory).

The vulnerability stems from the plugin's failure to implement proper security controls in several HTTP endpoints. Specifically, the plugin does not require POST requests for these endpoints, which makes them susceptible to CSRF attacks. The severity of this vulnerability is rated as Medium according to the CVSS scoring system, with a base score of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).

When exploited, this vulnerability allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. This could potentially lead to unauthorized access and manipulation of system resources (Jenkins Advisory).

As of the advisory's publication date, there is no fix available for this vulnerability in the PaaSLane Estimate Plugin. Users should consider implementing additional security controls or limiting access to the affected plugin until a patch is released (Jenkins Advisory).