CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
21.4%
org.jenkins-ci.main: jenkins-core is vulnerable to Insecure Temporary Files. The vulnerability is caused by not restricting permissions to the temporary file in the system temporary directory and leaving the newly created files with default permissions which are created by the Jenkins API MultipartFormDataParser
. If these permissions are overly permissive , this can allow an attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.