Lucene search

Veracode Vulnerability DatabaseVERACODE:42851

HistoryAug 18, 2023 - 10:19 a.m.

Information Disclosure

2023-08-1810:19:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

jenkins-ci

cloudbees-folder

information disclosure

organization folder

log file

attacker

sensitive information

vulnerability

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

org.jenkins-ci.plugins, cloudbees-folder is vulnerable to Information Disclosure. The vulnerability exists because the library does not properly restrict the organization folder log file location, which allows an attacker to gain access to sensitive information in the system.

CPENameOperatorVersion
folders pluginle6.846.v23698686f0f6
folders pluginle6.846.v23698686f0f6

CPE	Name	Operator	Version
	folders plugin	le	6.846.v23698686f0f6
	folders plugin	le	6.846.v23698686f0f6

References

www.openwall.com/lists/oss-security/2023/08/16/3

github.com/advisories/GHSA-36hq-v2fc-rpqp

github.com/jenkinsci/cloudbees-folder-plugin/commit/6a3fb43e8561b6c0cba59919b93fc47bb6dfb60c

www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for VERACODE:42851