9 matches found
Path Traversal in Jenkins visualexpert Plugin
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
GHSA-8MMH-H4JH-2G34 Path Traversal in Jenkins visualexpert Plugin
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Design/Logic Flaw
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
Jenkins Plugin visualexpert Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server. Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-19615 · Jenkins · Jenkins Visualexpert Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins visualexpert Plugin versions 1.3 and earlier Description: The issue allows attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system, due to a lack of...
CVE-2023-24455
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...
CVE-2023-24455
CVE-2023-24455 affects the Jenkins visualexpert plugin (versions 1.3 and earlier). The issue arises from not restricting file names in methods implementing form validation, enabling attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenki...
Jenkins Enterprise and Operations Center 2.346.x < 2.346.40.0.7 Multiple Vulnerabilities (CloudBees Security Advisory 2023-01-24)
The version of Jenkins Enterprise or Jenkins Operations Center running on the remote web server is 2.346.x prior to 2.346.40.0.7. It is, therefore, affected by multiple vulnerabilities including the following: - Sandbox bypass vulnerability in Script Security Plugin CVE-2023-24422 - CSRF...