CVE-2023-27899

EPSS 0.05%
Veröffentlicht 10.03.2023 21:15:15
Zuletzt bearbeitet 28.02.2025 19:15:35
Quelle jenkinsci-cert@googlegroups.co
CVE-Watchlists
Login
Unerledigt
Login

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jenkins ≫ Jenkins SwEditionlts Version < 2.375.4

Jenkins ≫ Jenkins SwEdition- Version < 2.394

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27899

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-27899