CVE-2023-3315
published 2023-06-19CVE-2023-3315: Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | aws_codecommit_trigger_plugin | — | — |
| jenkins | checkmarx_plugin | — | — |
| jenkins | digital.ai_app_management_publisher_plugin | — | — |
| jenkins | dimensions_plugin | — | — |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| jenkins | jenkins_weekly | — | — |
| jenkins | maven_repository_server_plugin | — | — |
| jenkins | sonargraph_integration_plugin | — | — |
| jenkins | team_concert | <= 2.4.1 | — |
| jenkins | team_concert_plugin | — | — |
| jenkins | template_workflows_plugin | — | — |
| jenkins_project | jenkins_team_concert_plugin | <= 2.4.1 | — |