CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40338 – jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40338
16 Aug 2023 — Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. Th... • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40337 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40337
16 Aug 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40336 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts
https://notcve.org/view.php?id=CVE-2023-40336
16 Aug 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-352: Cross-Site Request Forgery (CSRF) •