13 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-2321

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.7 · EPSS 0.00058
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 3:27 a.m. · 3 views

CVE-2023-32985

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 6.6 · EPSS 0.01358
Exploits 0 · References 1

GitHub Security Blog
added 2023/05/16 6:30 p.m. · 22 views

Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

CVSS 4.3 · AI score 6.6 · EPSS 0.01358
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/05/16 6:30 p.m. · 19 views

GHSA-PP8M-PRR7-WR8W Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Jenkins Sidebar Link Plugin allows specifying files in the userContent/ directory for use as link icons. Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation. This allows attackers with Overall/Read permission to check for the existenc...

CVSS 4.3 · AI score 4.7 · EPSS 0.01358
Exploits 0 · References 3

OSV
added 2023/05/16 4:15 p.m. · 13 views

CVE-2023-32985

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVSS 4.3 · AI score 6.8
Exploits 0 · References 1

CVE
added 2023/05/16 4:0 p.m. · 46 views

CVE-2023-32985

The CVE-2023-32985 issue affects the Jenkins Sidebar Link Plugin (version 2.2.1 and earlier). It allows path traversal by not properly restricting the path of files during a form-validation operation, enabling attackers with Overall/Read permission to check whether an attacker-specified file path...

CVSS 4.3 · AI score 4.3 · EPSS 0.01358
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/05/16 12:0 a.m. · 2 views

PT-2023-24118 · Jenkins · Jenkins Sidebar Link Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Sidebar Link Plugin versions 2.2.1 and earlier
Description: The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. This is due to th...

CVSS 4.3 · AI score 4.3 · EPSS 0.01358
Exploits 0 · References 5

CNVD
added 2018/05/21 12:0 a.m. · 1 view

Jenkins Sidebar Link Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins is a Java-based continuous integration tool from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Sidebar Link plugin is one of the...

CVSS 5.4 · AI score 6.3 · EPSS 0.00058
Exploits 0 · References 1

OSV
added 2017/10/05 1:29 a.m. · 9 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 5.4 · AI score 6.9
Exploits 0 · References 1

NVD
added 2017/10/05 1:29 a.m. · 7 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 5.4 · AI score 5.6 · EPSS 0.00058
Exploits 0 · References 1

Prion
added 2017/10/05 1:29 a.m. · 9 views

Input validation

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

CVSS 3.5 · AI score 5.6 · EPSS 0.00058
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2017/10/04 1:0 a.m. · 12 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

AI score 5.5 · EPSS 0.00058
Exploits 0 · References 1

CVE
added 2017/10/04 1:0 a.m. · 40 views

CVE-2017-1000088

The CVE concerns Jenkins Sidebar Link Plugin. The root cause is lack of input validation for sidebar entries configured by users, enabling javascript: schemes to be used in links. This leads to cross-site scripting (XSS) in affected Jenkins objects. Connected advisories (GHSA and CNVD variants) c...

CVSS 5.4 · AI score 5.5 · EPSS 0.00058
Exploits 0 · References 1 · Affected Software 1