QID 995776
Date Published: 2023-11-01
QID 995776: Java (Maven) Security Update for org.jenkins-ci.plugins:electricflow (GHSA-9ggw-h9mf-4jh7)
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the CloudBees CD - Publish Artifact post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-9ggw-h9mf-4jh7 for updates and patch information.
Vendor References
- GHSA-9ggw-h9mf-4jh7 -
github.com/advisories/GHSA-9ggw-h9mf-4jh7
CVEs related to QID 995776
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-9ggw-h9mf-4jh7 | org.jenkins-ci.plugins:electricflow |
|