Lucene search

GoogleOSV:BIT-JENKINS-2023-27902

HistoryMar 06, 2024 - 10:56 a.m.

BIT-jenkins-2023-27902

2024-03-0610:56:09

Google

osv.dev

jenkins

temporary directories

vulnerability

item permission

workspace permission

software

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

CPENameOperatorVersion
jenkinslt2.394.0
jenkinslt2.375.4

CPE	Name	Operator	Version
	jenkins	lt	2.394.0
	jenkins	lt	2.375.4

References

www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.0%

JSON

Related for OSV:BIT-JENKINS-2023-27902