Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-PP8M-PRR7-WR8W
HistoryMay 16, 2023 - 6:30 p.m.

Jenkins Sidebar Link Plugin vulnerable to Path Traversal

2023-05-1618:30:16
CWE-22
GitHub Advisory Database
github.com
9

0.0005 Low

EPSS

Percentile

15.2%

JSON

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons.

Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation.

This allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Sidebar Link Plugin 2.2.2 ensures that only files located within the expected userContent/ directory can be accessed.

Related

cve 1
cvelist 1
osv 2
prion 1
veracode 1
nessus 1
cve
cve
CVE-2023-32985
2023-05-16 16:15:11
cvelist
cvelist
CVE-2023-32985
2023-05-16 16:00:06
osv
osv
Jenkins Sidebar Link Plugin vulnerable to Path Traversal
2023-05-16 18:30:16
CVE-2023-32985
2023-05-16 16:15:11
prion
prion
Design/Logic Flaw
2023-05-16 16:15:00
veracode
veracode
Path Traversal
2023-05-30 13:04:07
nessus
nessus
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.17 Multiple Vulnerabilities (CloudBees Security Advisory 2023-05-16)
2023-05-16 00:00:00

0.0005 Low

EPSS

Percentile

15.2%

JSON
Related for GHSA-PP8M-PRR7-WR8W
cve1cvelist1osv2prion1veracode1nessus1