GHSA-8MMH-H4JH-2G34 Path Traversal in Jenkins visualexpert Plugin

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

Path Traversal in Jenkins visualexpert Plugin

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2023-24455

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

Design/Logic Flaw

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

Jenkins Plugin visualexpert 路径遍历漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

PT-2023-19615 · Jenkins · Jenkins Visualexpert Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins visualexpert Plugin versions 1.3 and earlier Description: The issue allows attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system, due to a lack of...

CVE-2023-24455

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)

The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...

CVE-2023-24455

CVE-2023-24455 affects the Jenkins visualexpert plugin (versions 1.3 and earlier). The issue arises from not restricting file names in methods implementing form validation, enabling attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenki...