CVE-2023-32985

Jenkins Sidebar Link Plugin vulnerable to Path Traversal in maven/org.jenkins-ci.plugins/sidebar-link

Identifiers

CVE-2023-32985, GHSA-pp8m-prr7-wr8w

Package Slug

maven/org.jenkins-ci.plugins/sidebar-link

Vulnerability

Jenkins Sidebar Link Plugin vulnerable to Path Traversal

Description

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected Versions

All versions before 2.2.2

Solution

Upgrade to version 2.2.2 or above.

Last Modified

2023-05-17
