PT-2023-8997 · Jenkins +1 · Jenkins +1

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.423 and earlier, LTS 2.414.1 and earlier Description: The issue is related to the processing of file uploads using the Stapler web framework, which creates temporary files in the default system temporary directory with the...

GHSA-584M-7R4M-8J6V Incorrect Authorization in Jenkins Core

When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and , and LTS prior to 2.387.1 creates this temporary file in the default temporar...

SUSE CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

CVE-2021-23331

This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file...

The vulnerability of the java.io.tmpdir component in the Apache Ant build automation tool allows a attacker to modify data or gain unauthorized access to protected information.

The vulnerability of the java.io.tmpdir component in the Apache Ant build automation tool is related to errors in handling temporary files. Exploiting this vulnerability can allow an attacker to modify data or gain unauthorized access to protected information...