4.4
CVSSv3

CVE-2023-27903

Published: 10/03/2023 Updated: 15/03/2023
CVSS v3 Base Score: 4.4 | Impact Score: 2.5 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

Jenkins 2.393 and previous versions, LTS 2.375.3 and previous versions creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins jenkins

Vendor Advisories

Synopsis Moderate: OpenShift Container Platform 41056 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41056 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Pla ...
Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis Critical: OpenShift Container Platform 41056 security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Container Platform release 41056 is now available with updates to packages and ima ...
Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis Critical: Multicluster Engine for Kubernetes 224 security fixes and container updates Type/Severity Security Advisory: Critical Topic Multicluster Engine for Kubernetes 224 General Availability release images, which fix security issues and update container imagesRed Hat Product Security has rated this update as having a security ...
Synopsis Critical: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Critical Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for O ...
Synopsis Important: jenkins and jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
Synopsis Important: Jenkins and Jenkins-2-plugins security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for ...
DescriptionThe MITRE CVE dictionary describes this issue as: Jenkins 2393 and earlier, LTS 23753 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file sy ...