Lucene search

K
redhatcveRedhat.comRH:CVE-2023-43498
HistorySep 22, 2023 - 11:55 a.m.

CVE-2023-43498

2023-09-2211:55:05
redhat.com
access.redhat.com
14
jenkins
file uploads
security bypass
local authenticated attacker
multipartformdataparser
cve-2023-43498

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.4%

A flaw was found in Jenkins weekly and LTS due to an issue when processing file uploads using the MultipartFormDataParser. By sending a specially crafted request, a local authenticated attacker could bypass security restrictions and access the Jenkins controller file system to read and write the files before they are used.

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

21.4%