CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40204 – WordPress Folders Plugin <= 2.9.2 is vulnerable to Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-40204
28 Aug 2023 — Unrestricted Upload of File with Dangerous Type vulnerability in Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager.This issue affects Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager: from n/a through 2.9.2. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Premio Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager. Este problema afecta a Folders – Unlimited Fo... • https://patchstack.com/database/vulnerability/folders/wordpress-folders-plugin-2-9-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40338 – jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40338
16 Aug 2023 — Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin display an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. Th... • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40337 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin
https://notcve.org/view.php?id=CVE-2023-40337
16 Aug 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. A flaw was found in the Jenkins Folders plugin. Affected versions of this plugin allow attackers to copy a view inside a folder. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40336 – jenkins-plugins: cloudbees-folder: CSRF vulnerability in Folders Plugin may approve unsandboxed scripts
https://notcve.org/view.php?id=CVE-2023-40336
16 Aug 2023 — A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. A flaw was found in the Jenkins Folders Plugin. Affected versions of this plugin allow attackers to copy folders. • http://www.openwall.com/lists/oss-security/2023/08/16/3 • CWE-352: Cross-Site Request Forgery (CSRF) •