32 matches found
CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
UBUNTU-CVE-2026-53422
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
CVE-2026-53422
CVE-2026-53422 describes an observable response discrepancy in Erlang/OTP ssh_sftpd where the REALPATH handling bypasses the root check, enabling an authenticated SFTP user to determine the existence of files/directories outside the configured root. The uncanonicalized path can trigger resolve_sy...
CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...
EEF-CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root
Summary Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH\FXP\REALPATH handler in ssh\sftpd calls relate\file\name/3 with...
CVE-2026-42885
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...
CVE-2026-42885
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...
PT-2026-39750
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith to validate that a resolved file path is within a library folder. This check fails for sibling directories whose names share a common prefix e.g.,...
Information Disclosure
Jenkins Git Client Plugin is vulnerable to an Information Disclosure. The vulnerability is due to differential form validation behavior, where Git URL validation responses vary based on whether an attacker-specified file path exists on the Jenkins controller when using the amazon-s3 protocol,...
EUVD-2025-26516
Malicious code in bioql PyPI...
Jenkins Git client Plugin file system information disclosure vulnerability
In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...
GHSA-G2PQ-9JR7-W6GV Jenkins Git client Plugin file system information disclosure vulnerability
In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...
CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...
CVE-2025-24249
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting XSS...