Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-03-08T17:14:52.143Z
Updated: 2024-08-02T12:23:30.640Z
Reserved: 2023-03-07T09:35:48.507Z
Link: CVE-2023-27903
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-10T21:15:15.677
Modified: 2024-11-21T07:53:40.133
Link: CVE-2023-27903
Redhat