In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
History

Tue, 24 Sep 2024 17:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-09-20T16:06:10.771Z

Updated: 2024-09-24T17:04:55.380Z

Reserved: 2023-09-19T09:22:58.130Z

Link: CVE-2023-43497

cve-icon Vulnrichment

Updated: 2024-08-02T19:44:42.280Z

cve-icon NVD

Status : Modified

Published: 2023-09-20T17:15:11.877

Modified: 2024-11-21T08:24:09.610

Link: CVE-2023-43497

cve-icon Redhat

Severity : Low

Publid Date: 2023-09-20T00:00:00Z

Links: CVE-2023-43497 - Bugzilla