4 results (0.010 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers. El explorador de archivos en Jenkins Continuous Integration with Toad Edge Plugin 2.3 y anteriores puede interpretar algunas rutas de archivos como absolutas en Windows, resultando en una vulnerabilidad de salto de ruta que permite a atacantes con permiso de Item/Read obtener el contenido de archivos arbitrarios en los controladores de Windows • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2654 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A missing permission check in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. Una falta de comprobación de permisos en Jenkins Continuous Integration with Toad Edge Plugin versiones 2.3 y anteriores, permite a atacantes con permiso Overall/Read comprobar la existencia de una ruta de archivo especificada por el atacante en el sistema de archivos del controlador Jenkins • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2635 • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier allows attackers with Item/Configure permission to read arbitrary files on the Jenkins controller by specifying an input folder on the Jenkins controller as a parameter to its build steps. Jenkins Continuous Integration with Toad Edge Plugin versiones 2.3 y anteriores, permite a atacantes con permiso Item/Configure leer archivos arbitrarios en el controlador Jenkins especificando una carpeta de entrada en el controlador Jenkins como un parámetro para sus pasos de construcción • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-2633 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier does not apply Content-Security-Policy headers to report files it serves, resulting in a stored cross-site scripting (XSS) exploitable by attackers with Item/Configure permission or otherwise able to control report contents. Jenkins Continuous Integration with Toad Edge Plugin versiones 2.3 y anteriores, no aplican los encabezados Content-Security-Policy a los archivos de informes que sirve, resultando en una vulnerabilidad de tipo cross-site scripting (XSS) almacenado explotable por atacantes con permiso Item/Configure o que puedan controlar el contenido de los informes • http://www.openwall.com/lists/oss-security/2022/03/29/1 https://www.jenkins.io/security/advisory/2022-03-29/#SECURITY-1892 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •