CVE-2023-40338

2023-08-1615:15:11

CWE-532

[email protected]

web.nvd.nist.gov

218

cve-2023-40338

jenkins folders plugin

error message

absolute path

log file

scan organization folder log

information disclosure

jenkins controller

file system

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinsfoldersRange≤6.846.v23698686f0f6jenkins

CPENameOperatorVersion
jenkins:foldersjenkins foldersle6.846.v23698686f0f6

CPE	Name	Operator	Version
jenkins:folders	jenkins folders	le	6.846.v23698686f0f6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Folders Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "6.846.v23698686f0f6",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]