Lucene search

FreeBSDF68BB358-BE8E-11ED-9215-00E081B7AA2D

HistoryMar 08, 2023 - 12:00 a.m.

jenkins -- multiple vulnerabilities

2023-03-0800:00:00

vuxml.freebsd.org

jenkins

multiple vulnerabilities

xss

dos

directory access

insecure file creation

information disclosure

security advisory

cve-2023-27898

cve-2023-24998

cve-2023-27900

cve-2023-27901

cve-2023-27902

cve-2023-27903

cve-2023-27904

jenkins security advisory

unix

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.034 Low

EPSS

Percentile

91.4%

JSON

Jenkins Security Advisory:

Description
(High) SECURITY-3037 / CVE-2023-27898
XSS vulnerability in plugin manager
(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)
DoS vulnerability in bundled Apache Commons FileUpload library

(Medium) SECURITY-1807 / CVE-2023-27902
Workspace temporary directories accessible through directory browser
(Low) SECURITY-3058 / CVE-2023-27903
Temporary file parameter created with insecure permissions
(Low) SECURITY-2120 / CVE-2023-27904
Information disclosure through error stack traces related to agents

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchjenkins< 2.394UNKNOWN
FreeBSDanynoarchjenkins-lts< 2.387.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	jenkins	< 2.394	UNKNOWN
FreeBSD	any	noarch	jenkins-lts	< 2.387.1	UNKNOWN

References

www.jenkins.io/security/advisory/2023-03-08/

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

0.034 Low

EPSS

Percentile

91.4%

JSON

Related for F68BB358-BE8E-11ED-9215-00E081B7AA2D