CVE-2023-27899

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*

History

16 Mar 2023, 15:48

Type Values Removed Values Added
CPE cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
References (MISC) https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823 - (MISC) https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823 - Vendor Advisory
CWE CWE-863
First Time Jenkins jenkins
Jenkins
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.0

10 Mar 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-10 21:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-27899

Mitre link : CVE-2023-27899

CVE.ORG link : CVE-2023-27899


JSON object : View

Products Affected

jenkins

  • jenkins
CWE
CWE-863

Incorrect Authorization