CVE-2023-49654

9.8 CRITICAL

📋 TL;DR

The Jenkins MATLAB Plugin vulnerability allows attackers to read arbitrary XML files from the Jenkins controller file system due to missing permission checks. This affects Jenkins instances with the MATLAB Plugin version 2.11.0 or earlier installed. Attackers can exploit this to access sensitive configuration files and potentially escalate privileges.

💻 Affected Systems

Products:
  • Jenkins MATLAB Plugin
Versions: 2.11.0 and earlier
Operating Systems: All platforms running Jenkins
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Jenkins installations with the MATLAB Plugin installed. The vulnerability exists in the plugin itself, not in core Jenkins.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive configuration files (like credentials.xml), extract secrets, and use them to gain administrative access to Jenkins, potentially leading to complete system compromise.

🟠 Likely Case

Unauthorized users reading sensitive Jenkins configuration files containing credentials, API keys, or other secrets that could be used for further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to file read operations within the Jenkins controller's accessible file system.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to Jenkins (an authenticated user). The vulnerable HTTP endpoint should perform a permission check but does not.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.12.0

Vendor Advisory: https://www.jenkins.io/security/advisory/2023-11-29/#SECURITY-3193

Restart Required: Yes

Instructions:

1. Update the Jenkins MATLAB Plugin to version 2.12.0 or later via the Jenkins Plugin Manager.
2. Restart Jenkins after the plugin update.
3. Verify the plugin version in Manage Jenkins > Manage Plugins > Installed tab.

🔧 Temporary Workarounds

Disable MATLAB Plugin

Platforms: all

Temporarily disable the vulnerable plugin if immediate patching isn't possible.

Navigate to Manage Jenkins > Manage Plugins > Installed tab, find MATLAB Plugin, and click Disable.

Restrict Jenkins Access

Platforms: all

Limit network access to Jenkins to trusted IPs only.

Configure firewall rules to restrict access to the Jenkins port (typically 8080).

🧯 If You Can't Patch

  • Remove the MATLAB Plugin entirely if not needed
  • Implement strict access controls and audit all Jenkins user permissions

🔍 How to Verify

Check if Vulnerable:

Check the installed plugin version in Jenkins: Manage Jenkins > Manage Plugins > Installed tab, and look for the MATLAB Plugin version.

Check Version:

Check the Jenkins web interface, or examine $JENKINS_HOME/plugins/matlab-plugin/META-INF/MANIFEST.MF for the version.

Verify Fix Applied:

Verify that the MATLAB Plugin version is 2.12.0 or higher in Manage Jenkins > Manage Plugins > Installed tab.
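A small check script, added here as an example and not part of this advisory, that reads the plugin's MANIFEST.MF at the path given above (assumed; the plugin directory name may differ on your install), parses the Plugin-Version header including JAR manifest continuation lines, and reports whether the version is below the fixed 2.12.0 release. The embedded manifest text is constructed sample input so the script runs offline.

```python
import os
import re
import sys

# Path as given in the advisory above (assumed; adjust if your plugin dir differs).
DEFAULT_MANIFEST = os.path.join(
    os.environ.get("JENKINS_HOME", "/var/lib/jenkins"),
    "plugins", "matlab-plugin", "META-INF", "MANIFEST.MF")
FIXED_VERSION = (2, 12, 0)  # first fixed release per the advisory

# Constructed sample manifest for an offline run (not a real plugin's file).
SAMPLE_MANIFEST = (
    "Manifest-Version: 1.0\r\n"
    "Plugin-Version: 2.11.0 (private-2023-01-01-build)\r\n"
    "Jenkins-Version: 2.361.4\r\n")

def parse_manifest(text):
    """Parse JAR manifest headers; a line starting with a space continues the previous value."""
    headers, last_key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last_key is not None:
            headers[last_key] += line[1:]        # 72-byte wrap continuation
        elif ":" in line:
            key, _, value = line.partition(":")
            last_key = key.strip()
            headers[last_key] = value.strip()
    return headers

def parse_version(value):
    """'2.11.0 (private-...)' -> (2, 11, 0); missing parts become 0; unparsable -> None."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", value or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_vulnerable(manifest_text):
    """True when Plugin-Version is 2.11.0 or earlier (below the 2.12.0 fix)."""
    version = parse_version(parse_manifest(manifest_text).get("Plugin-Version"))
    if version is None:
        raise ValueError("Plugin-Version header not found in manifest")
    return version < FIXED_VERSION

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_MANIFEST
    if os.path.exists(path):
        with open(path, encoding="utf-8") as f:
            text = f.read()
    else:
        print(f"{path} not found; checking the constructed sample instead")
        text = SAMPLE_MANIFEST
    print("VULNERABLE (update to 2.12.0+)" if is_vulnerable(text) else "patched")
```

Run it on the controller with the manifest path as the first argument to check a real installation instead of the sample.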

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to MATLAB Plugin endpoints
  • Multiple failed authentication attempts followed by successful access

Network Indicators:

  • Unusual HTTP requests to /plugin/matlab/ endpoints from unauthorized sources

SIEM Query:

source="jenkins.log" AND ("matlab" OR "/plugin/matlab/") AND (status=200 OR status=403)
