GHSA-8MMH-H4JH-2G34 Path Traversal in Jenkins visualexpert Plugin

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2023-24455

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

PT-2023-19615 · Jenkins · Jenkins Visualexpert Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins visualexpert Plugin versions 1.3 and earlier Description: The issue allows attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system, due to a lack of...

CVE-2023-24455

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

CVE-2023-24455

CVE-2023-24455 affects the Jenkins visualexpert plugin (versions 1.3 and earlier). The issue arises from not restricting file names in methods implementing form validation, enabling attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenki...