Published on: Not Yet Published
Last Modified on: 02/02/2023 03:46:00 PM UTC
CVE-2023-24449
Certain versions of Pwauth Security Realm from Jenkins contain the following vulnerability:
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
- CVE-2023-24449 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Jenkins Project - Jenkins PWauth Security Realm Plugin version <= 0.4
- Affected Vendor/Software: Jenkins Project - Jenkins PWauth Security Realm Plugin version ?> 0.4
CVSS3 Score: 4.3 - MEDIUM
|Jenkins Security Advisory 2023-01-24|| www.jenkins.io |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
|Application||Jenkins||Pwauth Security Realm||All||All||All||All|
No vendor comments have been submitted for this CVE