Trung Pham

**Name of the Vulnerable Software and Affected Versions** Jenkins Sidebar Link Plugin versions 2.2.1 and earlier **Description** The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. This is due to the plugin not restricting the path of files in a method implementing form validation. The plugin allows specifying files in the `userContent/` directory for use as link icons. **Recommendations** For Jenkins Sidebar Link Plugin versions 2.2.1 and earlier, update to version 2.2.2 or later to ensure that only files located within the expected `userContent/` directory can be accessed.

**Name of the Vulnerable Software and Affected Versions** Jenkins File Parameter Plugin versions 285.v757c5b 67a c25 and earlier **Description** The issue allows attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. This is due to the lack of restriction on the name and resulting uploaded file name of Stashed File Parameters. **Recommendations** For versions 285.v757c5b 67a c25 and earlier, update to a version that restricts the name of Stashed File Parameters, such as version 285.287.v4b 7b 29d3469d, to prevent attackers from creating or replacing arbitrary files on the Jenkins controller file system.

**Name of the Vulnerable Software and Affected Versions** Jenkins LoadComplete support Plugin versions 1.0 and earlier **Description** The issue is related to a stored cross-site scripting (XSS) vulnerability. This occurs because the LoadComplete test name is not properly escaped, allowing attackers with Item/Configure permission to exploit this weakness. The vulnerability is present in the test result page. **Recommendations** For Jenkins LoadComplete support Plugin versions 1.0 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 112 Focus for Android versions prior to 112 Firefox ESR versions prior to 102.10 Firefox for Android versions prior to 112 Thunderbird versions prior to 102.10 **Description** The issue arises from improper handling of the filename directive in the Content-Disposition header, specifically when the filename contains a NULL character, leading to filename truncation. This could facilitate reflected file download attacks, potentially tricking users into installing malware. **Recommendations** For Firefox versions prior to 112, update to version 112 or later. For Focus for Android versions prior to 112, update to version 112 or later. For Firefox ESR versions prior to 102.10, update to version 102.10 or later. For Firefox for Android versions prior to 112, update to version 112 or later. For Thunderbird versions prior to 102.10, update to version 102.10 or later.

**Name of the Vulnerable Software and Affected Versions** Spring-integration-zip versions prior to 1.0.4 **Description** The issue allows for an arbitrary file write, which can be achieved by using a specially crafted zip archive, as well as other archives such as bzip2, tar, xz, war, cpio, and 7z. These archives can contain path traversal filenames. When the filename is concatenated to the target extraction directory, the final path can end up outside of the target folder. **Recommendations** For Spring-integration-zip versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of zip archives and other affected archive types until the update is applied. Avoid using the vulnerable zip extraction functionality in the affected versions until the issue is resolved.