CVE-2023-24455

Path Traversal in Jenkins visualexpert Plugin in maven/io.jenkins.plugins/visualexpert

Identifiers

GHSA-8mmh-h4jh-2g34, CVE-2023-24455

Package Slug

maven/io.jenkins.plugins/visualexpert

Vulnerability

Path Traversal in Jenkins visualexpert Plugin

Description

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected Versions

All versions up to 1.3

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27
