PT-2023-27396 · Jenkins · Jenkins Folders Plugin+1
Kevin Guerroudj · Published 2023-08-16 · Updated 2024-01-02 · CVE-2023-40338
CVSS v3.1: 4.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier
Description
The issue concerns the Jenkins Folders Plugin, which displays an error message including the absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available. This exposes information about the Jenkins controller file system.
Recommendations
For Jenkins Folders Plugin versions 6.846.v23698686f0f6 and earlier, update to a version that does not display the absolute path of a log file in the error message, such as Folders Plugin 6.848.ve3b_fd7839a_81.
Fix
Insertion into Log File
Generation of Error Message Containing Sensitive Information
Related Identifiers
Affected Products
Jenkins
Jenkins Folders Plugin