CVE-2023-24449

Path traversal vulnerability in Jenkins PWauth Security Realm Plugin in maven/org.jvnet.hudson.plugins/pwauth

Identifiers

GHSA-5xpc-c4xv-7w62, CVE-2023-24449

Package Slug

maven/org.jvnet.hudson.plugins/pwauth

Vulnerability

Path traversal vulnerability in Jenkins PWauth Security Realm Plugin

Description

Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected Versions

All versions up to 0.4

Solution

Unfortunately, there is no solution available yet.

Last Modified

2023-01-27
