Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-05-16T16:00:07.514Z
Updated: 2024-08-02T15:32:46.615Z
Reserved: 2023-05-16T10:55:43.519Z
Link: CVE-2023-32986
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-16T16:15:11.147
Modified: 2023-05-25T00:34:23.737
Link: CVE-2023-32986
Redhat
No data.