CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32985
https://notcve.org/view.php?id=CVE-2023-32985
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. • https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3125 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000088
https://notcve.org/view.php?id=CVE-2017-1000088
The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links. El plugin Sidebar Link permite que los usuarios puedan configurar tareas, vistas y agentes para añadir entradas en la barra lateral de estos objetos. No existe validación de entradas, lo que significa que los usuarios pueden utilizar esquemas javascript: para estos enlaces. • https://jenkins.io/security/advisory/2017-07-10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •