2 matches found
CVE-2023-24449
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-24449
CVE-2023-24449 refers to the PWauth Security Realm Plugin for Jenkins (version 0.4 and earlier). The issue is a path traversal-like flaw where file-name restrictions are not applied in form-validation code, enabling attackers with Overall/Read permission to check for the existence of an attacker-...