
7 matches found

RedHat Linux
added 2023/06/23 5:44 p.m. | 30 views

jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences /../ to create o...

CVSS 8.8 | AI score 5.9 | EPSS 0.03627
Exploits: 0 | References: 5

RedHat Linux
added 2023/06/15 12:17 a.m. | 3 views

jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin

A flaw was found in the Jenkins Pipeline Utility Steps Plugin. This flaw allows a remote, authenticated attacker to traverse directories on the system, caused by improper archive file validation. The attacker can use a specially crafted archive file containing "dot dot" sequences /../ to create o...

CVSS 8.8 | AI score 5.9 | EPSS 0.03627
Exploits: 0 | References: 5

Veracode
added 2023/05/21 9:41 a.m. | 19 views

Information Disclosure

org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access to sensitive user information such as the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 | AI score 6.7 | EPSS 0.0051
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/05/16 6:15 p.m. | 13 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 | AI score 4.5 | EPSS 0.0051
Exploits: 0 | References: 1

OSV
added 2023/05/16 6:15 p.m. | 0 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 | AI score 5.8
Exploits: 0 | References: 1

AlpineLinux
added 2023/05/16 5:46 p.m. | 17 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3 | AI score 6.9 | EPSS 0.0051
Exploits: 0 | References: 1

Prion
added 2023/05/16 4:15 p.m. | 20 views

Arbitrary file deletion

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content...

CVSS 6.5 | AI score 8.6 | EPSS 0.03627
Exploits: 0 | References: 1 | Affected Software: 1