CVE-2023-50779: 
Java vulnerability analysis and mitigation

CVE-2023-50779 is a missing permission check vulnerability affecting Jenkins PaaSLane Estimate Plugin versions 1.0.4 and earlier. The vulnerability was discovered by Andrea Chiera from CloudBees, Inc. and was publicly disclosed on December 13, 2023. This security issue affects the plugin's HTTP endpoints and allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token (Jenkins Advisory).

The vulnerability is classified as Medium severity with a CVSS v3.1 base score of 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). The core issue stems from insufficient permission checks in several HTTP endpoints of the PaaSLane Estimate Plugin. The vulnerability is tracked as SECURITY-3179 in Jenkins security tracking system and is related to CWE-862 (Missing Authorization) (NVD).

The vulnerability allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified token. This could potentially lead to unauthorized access and manipulation of resources through the affected HTTP endpoints (Jenkins Advisory).

As of the advisory's publication on December 13, 2023, no fixes are available for this vulnerability in the PaaSLane Estimate Plugin. Users should monitor for updates and consider implementing additional access controls to restrict access to the affected plugin (Jenkins Advisory).