CVE-2023-40338: Jenkins Folders Plugin information disclosure vulnerability

August 16, 2023 (updated August 18, 2023)

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.

References

www.openwall.com/lists/oss-security/2023/08/16/3
github.com/advisories/GHSA-36hq-v2fc-rpqp
nvd.nist.gov/vuln/detail/CVE-2023-40338
www.jenkins.io/security/advisory/2023-08-16/

Detect and mitigate CVE-2023-40338 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →