CVE-2023-43496 — Vulnetix

CVE-2023-43496 PUBLISHED

Jenkins LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

EPSS 0.25% · 48.4th percentile

Risk Scores

EPSS Score

0.25%

48.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	jenkins	0
Bitnami	jenkins	0

Timeline

Sep 20, 2023 CVE Published
Sep 22, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Nov 25, 2023 EPSS Score
Dec 27, 2023 EPSS Score
Jan 28, 2024 EPSS Score
Feb 29, 2024 EPSS Score
Apr 1, 2024 EPSS Score
May 3, 2024 EPSS Score
Jul 6, 2024 EPSS Score
Aug 7, 2024 EPSS Score
Sep 8, 2024 EPSS Score

References

https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 url
http://www.openwall.com/lists/oss-security/2023/09/20/5 url
https://nvd.nist.gov/vuln/detail/CVE-2023-43496 url

Open in Interactive Console →