VDB
CVE-2023-43497
CVE-2023-43497
PUBLISHED
In Jenkins LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
EPSS 0.09% · 25.5th percentile
Risk Scores
EPSS Score
0.09%
25.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | jenkins | 0 |
| Bitnami | jenkins | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2023-43497 (circl-sighting)
- Jenkins Security Advisory 2023-09-20 (circl)
- http://www.openwall.com/lists/oss-security/2023/09/20/5 (circl)
Timeline
- Sep 20, 2023 CVE Published
- Sep 20, 2023 PoC Published
- Sep 22, 2023 EPSS Score
- Oct 24, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Dec 27, 2023 EPSS Score
- Jan 28, 2024 EPSS Score
- Mar 1, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 4, 2024 EPSS Score
- Jun 5, 2024 EPSS Score
- Jul 7, 2024 EPSS Score