CVE-2023-30521: Jenkins Assembla merge request builder Plugin missing authentication to access endpoint

April 12, 2023

A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

References

github.com/advisories/GHSA-jr86-6j4j-mv45
nvd.nist.gov/vuln/detail/CVE-2023-30521
www.jenkins.io/security/advisory/2023-04-12/

Detect and mitigate CVE-2023-30521 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →