WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-43498 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

Remediation

References

http://www.openwall.com/lists/oss-security/2023/09/20/5

https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073

Related Vulnerabilities

CVE-2020-7643 Vulnerability in npm package paypal-adaptive

CVE-2023-25768 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

CVE-2020-2252 Vulnerability in maven package org.jenkins-ci.plugins:mailer

CVE-2020-8570 Vulnerability in maven package io.kubernetes:client-java

CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Mailing List Third Party Advisory Vendor Advisory NVD-CWE-noinfo