Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01eHBjLWM0eHYtN3c2Ms4AAxJS
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Permalink: https://github.com/advisories/GHSA-5xpc-c4xv-7w62JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01eHBjLWM0eHYtN3c2Ms4AAxJS
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-5xpc-c4xv-7w62, CVE-2023-24449
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-24449
- https://www.jenkins.io/security/advisory/2023-01-24/#SECURITY-2985
- https://github.com/advisories/GHSA-5xpc-c4xv-7w62
Affected Packages
maven:org.jvnet.hudson.plugins:pwauth
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 0.4
No known fixed version
All affected versions: