1. Home
  2. Security Advisories
  3. Jenkins
  4. JENKINS:SECURITY-2709

[JENKINS:SECURITY-2709] Path traversal vulnerability in `visualexpert`

Severity Medium
Affected Packages 2
CVEs 1
Info Packages References Vulnerabilities

visualexpert 1.3 and earlier does not restrict the names of files in methods implementing form validation.

This allows attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

As of publication of this advisory, there is no fix.

Package Affected Version
pkg:maven/org.jenkins-ci.plugins/visualexpert <= 1.3
pkg:github/jenkinsci/visualexpert-plugin <= 1.3
ID
JENKINS:SECURITY-2709
Severity
medium
Published
2023-01-24T00:00:00
(20 months ago)
Modified
2023-01-24T00:00:00
(20 months ago)
Rights
Jenkins Security Team
Other Advisories
Source # ID Name URL
Plugin repository visualexpert repository https://github.com/jenkinsci/visualexpert-plugin
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:maven/org.jenkins-ci.plugins/visualexpert org.jenkins-ci.plugins visualexpert <= 1.3
Affected pkg:github/jenkinsci/visualexpert-plugin jenkinsci visualexpert-plugin <= 1.3
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date