PT-2023-24118 · Jenkins · Jenkins Sidebar Link Plugin +1

Atorralba +1 · Published 2023-05-16 · Updated 2023-05-25 · CVE-2023-32985

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Sidebar Link Plugin versions 2.2.1 and earlier

Description: The issue allows attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. The cause is that the plugin does not restrict the path of files in a method implementing form validation. The plugin allows specifying files in the userContent/ directory for use as link icons, but the validation method did not confine the supplied path to that directory.

Recommendations: For Jenkins Sidebar Link Plugin versions 2.2.1 and earlier, update to version 2.2.2 or later to ensure that only files located within the expected userContent/ directory can be accessed.
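The description above, as an added illustration that is not the plugin's own code (the plugin is Java; this is a stand-in in Python): a form-validation style check that joins user input to userContent/ and reports existence without confining the path, beside a hardened version that canonicalises and rejects anything outside that directory. The JENKINS_HOME layout, file names and function names are constructed for the demo.

```python
"""Stand-in for the CVE-2023-32985 pattern: an icon-path existence check that
does not confine the path to userContent/, beside a hardened version."""
from pathlib import Path
import tempfile

USER_CONTENT = "userContent"


def check_icon_vulnerable(jenkins_home: Path, value: str) -> bool:
    """Vulnerable pattern: user input is joined to userContent/ and the result's
    existence is reported back. '..' segments, or an absolute path (which pathlib
    lets replace the left-hand side entirely), turn this into an existence
    oracle for any file on the controller."""
    return (jenkins_home / USER_CONTENT / value).exists()


def check_icon_fixed(jenkins_home: Path, value: str) -> str:
    """Hardened pattern: canonicalise root and candidate (symlinks and '..'
    resolved), refuse anything outside userContent/ before asking the file
    system, and give the same answer for every rejected path so nothing about
    files outside the directory is revealed. Returns 'ok', 'missing' or 'rejected'."""
    root = (jenkins_home / USER_CONTENT).resolve()
    candidate = (root / value).resolve()
    try:
        candidate.relative_to(root)      # ValueError if candidate escapes root
    except ValueError:
        return "rejected"
    return "ok" if candidate.is_file() else "missing"


def build_sandbox() -> Path:
    """Constructed JENKINS_HOME: one legitimate icon and one file outside
    userContent/ that the validation method must never probe."""
    home = Path(tempfile.mkdtemp(prefix="jenkins_home_"))
    (home / USER_CONTENT).mkdir()
    (home / USER_CONTENT / "icon.png").write_bytes(b"\x89PNG constructed")
    (home / "secrets").mkdir()
    (home / "secrets" / "master.key").write_text("constructed-secret")
    return home


if __name__ == "__main__":
    home = build_sandbox()
    probe = "../secrets/master.key"
    print("vulnerable:", check_icon_vulnerable(home, probe))  # True: existence leaks
    print("fixed:", check_icon_fixed(home, probe))            # rejected
    print("fixed:", check_icon_fixed(home, "icon.png"))       # ok
```

The hardened check still answers existence questions for paths inside userContent/, which is the intended feature; only the containment step is what version 2.2.2 adds.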

Fix

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2023-32985
GHSA-PP8M-PRR7-WR8W

Affected Products

Jenkins
Jenkins Sidebar Link Plugin