Lucene search
PRIOn knowledge basePRION:CVE-2023-46654HistoryOct 25, 2023 - 6:17 p.m.
Design/Logic Flaw
2023-10-2518:17:00
PRIOn knowledge base
www.prio-n.com
2
jenkins
cloudbees
plugin
cleanup process
symbolic links
arbitrary files
security vulnerability
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the ‘CloudBees CD - Publish Artifact’ post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cloudbees_cd | le | 1.1.32 |
Related
github
github
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
2023-10-25 18:32:25
nvd
nvd
CVE-2023-46654
2023-10-25 18:17:40
cve
cve
CVE-2023-46654
2023-10-25 18:17:40
osv
osv
CVE-2023-46654
2023-10-25 18:17:40
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
2023-10-25 18:32:25
cvelist
cvelist
CVE-2023-46654
2023-10-25 13:45:55
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
2023-10-25 00:00:00