GHSA-8mmh-h4jh-2g34

Suggest an improvement
Source
https://github.com/advisories/GHSA-8mmh-h4jh-2g34
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-8mmh-h4jh-2g34/GHSA-8mmh-h4jh-2g34.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8mmh-h4jh-2g34
Aliases
  • CVE-2023-24455
Published
2023-01-26T21:30:18Z
Modified
2023-11-08T04:11:46.560037Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Path Traversal in Jenkins visualexpert Plugin
Details

Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Database specific 
{
    "nvd_published_at": "2023-01-26T21:18:00Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-27T00:56:07Z",
    "severity": "MODERATE"
}
References

Affected packages

Maven / io.jenkins.plugins:visualexpert

Package

Name
io.jenkins.plugins:visualexpert
View open source insights on deps.dev
Purl
pkg:maven/io.jenkins.plugins/visualexpert

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.3

Affected versions

1.*
1.0
1.3

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-8mmh-h4jh-2g34/GHSA-8mmh-h4jh-2g34.json"