CVE-2023-27903

Published: 10 Mar 2023
Source: redhat
CVSS3: 4.4
EPSS: Low

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.

Statement

OpenShift 3.11 is already in the ELS support model phase. The Jenkins components are out of the scope of ELS support; hence the OpenShift 3.11 Jenkins component is marked in this CVE as Out of Support Scope.

Affected packages

Platform | Package | Status | Advisory | Release date
Red Hat OpenShift Container Platform 3.11 | jenkins | Out of support scope | | 
OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2023:3195 | 18.05.2023
OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2023:6172 | 30.10.2023
OCP-Tools-4.12-RHEL-8 | jenkins | Fixed | RHSA-2024:0778 | 12.02.2024
OCP-Tools-4.13-RHEL-8 | jenkins | Fixed | RHSA-2023:3622 | 15.06.2023
OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:3198 | 17.05.2023
OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:3663 | 19.06.2023
OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2023:6171 | 30.10.2023
OpenShift Developer Tools and Services for OCP 4.11 | jenkins | Fixed | RHSA-2024:0775 | 12.02.2024
Red Hat OpenShift Container Platform 4.10 | jenkins | Fixed | RHSA-2023:1655 | 12.04.2023

Additional information

Status:
Low
Weakness:
CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=2177632
Jenkins: Temporary file parameter created with insecure permissions

EPSS: 0.00057 (percentile: 18%, Low)

CVSS3: 4.4 Medium

Related vulnerabilities

CVSS3: 4.4
nvd
almost 3 years ago

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

CVSS3: 4.4
debian
almost 3 years ago

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...

CVSS3: 3.6
github
almost 3 years ago

Incorrect Authorization in Jenkins Core
