CVE-2023-40338
Jenkins Folders Plugin information disclosure vulnerability
4.3
MEDIUM
CVSS 3.1
EPSS 0.14%
Description
Jenkins Folders Plugin displays an error message when attempting to access the Scan Organization Folder Log if no logs are available. In Folders Plugin 6.846.v23698686f0f6 and earlier, this error message includes the absolute path of a log file, exposing information about the Jenkins controller file system. Folders Plugin 6.848.ve3b_fd7839a_81 does not display the absolute path of a log file in the error message.
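How to fix CVE-2023-40338
To fix CVE-2023-40338, upgrade the affected package to the patched version listed below.
- Upgrade to 6.848.ve3b or later
Is CVE-2023-40338 being exploited?
Low: EPSS is 0.1%, and no large-scale exploitation activity has been observed at this time.
Affected packages (1)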
- from 0, < 6.848.ve3b
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |