Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-43496HistorySep 20, 2023 - 5:15 p.m.
CVE-2023-43496
2023-09-2017:15:11
Alpine Linux Development Team
security.alpinelinux.org
4
jenkins
vulnerability
temporary file
permissions
plugin installation
arbitrary code execution
unix
0.001 Low
EPSS
Percentile
23.1%
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.18-community | noarch | jenkins | = 2.387.3-r0 | UNKNOWN |
| Alpine | 3.19-community | noarch | jenkins | = 2.414.3-r0 | UNKNOWN |
Related
osv
osv
BIT-jenkins-2023-43496
2024-03-06 10:54:39
CVE-2023-43496
2023-09-20 17:15:11
Jenkins temporary plugin file created with insecure permissions
2023-09-20 18:30:21
veracode
veracode
Insecure Temporary File Creation
2023-09-25 10:46:45
github
github
Jenkins temporary plugin file created with insecure permissions
2023-09-20 18:30:21
cvelist
cvelist
CVE-2023-43496
2023-09-20 16:06:10
redhatcve
redhatcve
CVE-2023-43496
2023-09-22 11:54:55
cve
cve
CVE-2023-43496
2023-09-20 17:15:11
prion
prion
Design/Logic Flaw
2023-09-20 17:15:00
nvd
nvd
CVE-2023-43496
2023-09-20 17:15:11
nessus
nessus
freebsd
freebsd
jenkins -- multiple vulnerabilities
2023-09-20 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00