CVE-2023-43496
CVSS v3.1
8.8 (High)
EPSS
0.08 % (34th)
Affected Products
1
Advisories
3
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
Weaknesses
- CWE-276
- Incorrect Default Permissions
- CVE Status
- PUBLISHED
- CNA
- Jenkins Project
- Published Date
-
2023-09-20 17:15:11
(12 months ago) - Updated Date
-
2023-09-23 03:45:08
(12 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...