CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40204 – WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-40204
Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. Este problema afecta a Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: desde n/ a hasta 2.9.2. The Folders plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_folders_file_upload function in versions up to, and including, 2.9.2. This makes it possible for authenticated attackers, with author-level permissions or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/folders/wordpress-folders-plugin-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40338 – jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40338
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This flaw exposes information about the Jenkins controller file system. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109 https://access.redhat.com/security/cve/CVE-2023-40338 https://bugzilla.redhat.com/show_bug.cgi?id=2232426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40337 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40337
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105 https://access.redhat.com/security/cve/CVE-2023-40337 https://bugzilla.redhat.com/show_bug.cgi?id=2232425 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40336 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts
https://notcve.org/view.php?id=CVE-2023-40336
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106 https://access.redhat.com/security/cve/CVE-2023-40336 https://bugzilla.redhat.com/show_bug.cgi?id=2232424 • CWE-352: Cross-Site Request Forgery (CSRF) •