Search
Find a vulnerability
Search criteria
6 vulnerabilities found for Jenkins Folders Plugin by Jenkins Project
CVE-2023-40338 (GCVE-0-2023-40338)
Vulnerability from nvd – Published: 2023-08-16 14:32 – Updated: 2024-08-02 18:31
VLAI
Summary
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:21.687Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40338",
"datePublished": "2023-08-16T14:32:50.674Z",
"dateReserved": "2023-08-14T16:02:56.435Z",
"dateUpdated": "2024-08-02T18:31:53.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40337 (GCVE-0-2023-40337)
Vulnerability from nvd – Published: 2023-08-16 14:32 – Updated: 2024-10-08 17:52
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:51:52.416142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:52:04.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:20.506Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40337",
"datePublished": "2023-08-16T14:32:50.031Z",
"dateReserved": "2023-08-14T16:02:56.435Z",
"dateUpdated": "2024-10-08T17:52:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40336 (GCVE-0-2023-40336)
Vulnerability from nvd – Published: 2023-08-16 14:32 – Updated: 2024-10-08 18:33
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:32:33.886075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:33:08.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:19.320Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40336",
"datePublished": "2023-08-16T14:32:49.394Z",
"dateReserved": "2023-08-14T16:02:56.434Z",
"dateUpdated": "2024-10-08T18:33:08.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40338 (GCVE-0-2023-40338)
Vulnerability from cvelistv5 – Published: 2023-08-16 14:32 – Updated: 2024-08-02 18:31
VLAI
Summary
Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.
Severity
No CVSS data available.
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:21.687Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3109"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40338",
"datePublished": "2023-08-16T14:32:50.674Z",
"dateReserved": "2023-08-14T16:02:56.435Z",
"dateUpdated": "2024-08-02T18:31:53.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40337 (GCVE-0-2023-40337)
Vulnerability from cvelistv5 – Published: 2023-08-16 14:32 – Updated: 2024-10-08 17:52
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40337",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T17:51:52.416142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T17:52:04.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:20.506Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3105"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40337",
"datePublished": "2023-08-16T14:32:50.031Z",
"dateReserved": "2023-08-14T16:02:56.435Z",
"dateUpdated": "2024-10-08T17:52:04.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-40336 (GCVE-0-2023-40336)
Vulnerability from cvelistv5 – Published: 2023-08-16 14:32 – Updated: 2024-10-08 18:33
VLAI
Summary
A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Jenkins Project | Jenkins Folders Plugin |
Affected:
0 , ≤ 6.846.v23698686f0f6
(maven)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:32:33.886075Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:33:08.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jenkins Folders Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "6.846.v23698686f0f6",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders."
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T12:51:19.320Z",
"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"shortName": "jenkins"
},
"references": [
{
"name": "Jenkins Security Advisory 2023-08-16",
"tags": [
"vendor-advisory"
],
"url": "https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3106"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/08/16/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
"assignerShortName": "jenkins",
"cveId": "CVE-2023-40336",
"datePublished": "2023-08-16T14:32:49.394Z",
"dateReserved": "2023-08-14T16:02:56.434Z",
"dateUpdated": "2024-10-08T18:33:08.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}