Описание
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. Affected versions of Jenkins show these temporary directories when viewing job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Отчет
OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of the ELS support; hence OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | jenkins | Affected | ||
| OCP-Tools-4.13-RHEL-8 | jenkins | Fixed | RHSA-2023:3299 | 24.05.2023 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS3
Связанные уязвимости
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary dir ...
Incorrect Permission Preservation in Jenkins Core
4.3 Medium
CVSS3