Vulnerability in Jenkins Project File Parameter Plugin
CVE-2023-32986
Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files…
EPSS: 0.631 (99.1th percentile)
Affected products
- Jenkins Project File Parameter Plugin — versions 0
References
- Jenkins Security Advisory 2023-05-16 (vendor-advisory)