1. Home
  2. Vulnerabilities
  3. CVE-2023-43497

CVE-2023-43497

CVSS v3.1 8.1 (High)
81% Progress
EPSS 0.05 % (21th)
0.05% Progress
Affected Products 1
Advisories 3
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

Weaknesses
CWE-434
Unrestricted Upload of File with Dangerous Type
CVE Status
PUBLISHED
CNA
Jenkins Project
Published Date
2023-09-20 17:15:11
(12 months ago)
Updated Date
2023-09-23 03:45:05
(12 months ago)

Affected Products

Jenkins

Configuration #1

    CPE23 From Up To
  Jenkins prior 2.414.2 version cpe:2.3:a:jenkins:jenkins::*:*:*:lts < 2.414.2
  Jenkins prior 2.424 version cpe:2.3:a:jenkins:jenkins::*:*:*:- < 2.424