cbcvebase.
CVE-2023-32985
published 2023-05-16

CVE-2023-32985: Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with…

PriorityP341medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
EPSS
72.36%
99.4th percentile
Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected

24 ranges
VendorProductVersion rangeFixed in
jenkinsansible_plugin
jenkinsappspider_plugin
jenkinsazure_vm_agents_plugin
jenkinscas_plugin
jenkinscode_dx_plugin
jenkinscredentials_plugin
jenkinsemail_extension_plugin
jenkinsfile_parameter_plugin
jenkinshashicorp_vault_plugin
jenkinsids_in_azure_vm_agents_plugin
jenkinsimproper_masking_of_credentials_in_hashicorp_vault_plugin
jenkinsjob_plugin
jenkinsldap_plugin
jenkinsloadcomplete_support_plugin
jenkinsns-nd_integration_performance_publisher_plugin
jenkinspipeline_utility_steps_plugin
jenkinsreverse_proxy_auth_plugin
jenkinssidebar_link<= 2.2.1
jenkinssidebar_link_plugin
jenkinstag_profiler_plugin
jenkinstestcomplete_support_plugin
jenkinstestng_report_files_and_displayed_on_the_plugin
jenkinstestng_results_plugin
jenkins_projectjenkins_sidebar_link_plugin<= 2.2.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.