GHSA-46f2-x6h2-x9hx, CVE-2023-32986
maven/io.jenkins.plugins/file-parameters
Jenkins File Parameter Plugin arbitrary file write vulnerability
Jenkins File Parameter Plugin 285.v757c5b67ac25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
All versions before 285.287.v4b
Upgrade to version 285.287.v4b or above.
2023-05-17