CVE-2023-43498

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/09/20/5	Mailing List Third Party Advisory
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jenkins:jenkins:::::lts:::*
	cpe:2.3:a:jenkins:jenkins:::::-:::*

History

23 Sep 2023, 03:45

Type	Values Removed	Values Added
First Time		Jenkins Jenkins jenkins
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:jenkins:jenkins:::::lts:::* cpe:2.3:a:jenkins:jenkins:::::-:::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
References	~~(MISC) https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 -~~	(MISC) https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 - Vendor Advisory
References	~~(MISC) http://www.openwall.com/lists/oss-security/2023/09/20/5 -~~	(MISC) http://www.openwall.com/lists/oss-security/2023/09/20/5 - Mailing List, Third Party Advisory

20 Sep 2023, 18:15

Type	Values Removed	Values Added
References		(MISC) http://www.openwall.com/lists/oss-security/2023/09/20/5 -

20 Sep 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-20 17:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-43498

Mitre link : CVE-2023-43498

CVE.ORG link : CVE-2023-43498

JSON object : View

Products Affected

jenkins

jenkins

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-43498", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2023-09-20T17:15:11.927", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/09/20/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "jenkinsci-cert@googlegroups.com"}, {"url": "https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073", "tags": ["Vendor Advisory"], "source": "jenkinsci-cert@googlegroups.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used."}, {"lang": "es", "value": "En Jenkins versi\u00f3n 2.423 y anteriores, LTS versi\u00f3n 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando MultipartFormDataParser crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos reci\u00e9n creados, lo que potencialmente permite a los atacantes con acceso al sistema de archivos del controlador Jenkins leer y escriba los archivos antes de usarlos."}], "lastModified": "2023-09-23T03:45:03.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "C2F4A98B-D78F-4DCD-BC55-30B060433845", "versionEndExcluding": "2.414.2"}, {"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D532EC73-64F8-46D5-8240-863B264D13D6", "versionEndExcluding": "2.424"}], "operator": "OR"}]}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com"}