CVE-2023-27899

CVSS v3.1 7 (High)
EPSS 0.04 % (5th)
Affected Products 1
Advisories 2

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Weaknesses
CWE-863
Incorrect Authorization
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2023-03-10 21:15:15
(18 months ago)
Updated Date
2023-03-16 15:48:58
(18 months ago)

Affected Products

Configuration #1

    Product                        CPE23                                  From  Up To
    Jenkins prior 2.375.4 version  cpe:2.3:a:jenkins:jenkins::*:*:*:lts         < 2.375.4
    Jenkins prior 2.394 version    cpe:2.3:a:jenkins:jenkins::*:*:*:-           < 2.394