Lucene search
JenkinsCVELIST:CVE-2023-43496HistorySep 20, 2023 - 4:06 p.m.
CVE-2023-43496
2023-09-2016:06:10
jenkins
www.cve.org
jenkins
vulnerability
temporary file
plugin installation
system directory
arbitrary code execution
cve-2023-43496
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
CNA Affected
[
{
"defaultStatus": "affected",
"product": "Jenkins",
"vendor": "Jenkins Project",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "2.424",
"versionType": "maven"
},
{
"lessThan": "2.414.*",
"status": "unaffected",
"version": "2.414.2",
"versionType": "maven"
}
]
}
]Related
osv
osv
BIT-jenkins-2023-43496
2024-03-06 10:54:39
CVE-2023-43496
2023-09-20 17:15:11
Jenkins temporary plugin file created with insecure permissions
2023-09-20 18:30:21
veracode
veracode
Insecure Temporary File Creation
2023-09-25 10:46:45
alpinelinux
alpinelinux
CVE-2023-43496
2023-09-20 17:15:11
github
github
Jenkins temporary plugin file created with insecure permissions
2023-09-20 18:30:21
nvd
nvd
CVE-2023-43496
2023-09-20 17:15:11
redhatcve
redhatcve
CVE-2023-43496
2023-09-22 11:54:55
prion
prion
Design/Logic Flaw
2023-09-20 17:15:00
cve
cve
CVE-2023-43496
2023-09-20 17:15:11
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00