CVE-2023-43496 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=2.50 <2.414.2 || >=2.415 <2.424

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00144 pctl0.35261

Details

Jenkins temporary plugin file created with insecure permissions Jenkins creates a temporary file when a plugin is deployed directly from a URL. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates this temporary file in the system temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. This vulnerability only affects operating systems using a shared temporary directory for all users (typically Linux). Additionally, the default permissions for newly created files generally only allow attackers to read the temporary file, but not write to it. This issue complements SECURITY-2823, which affected plugins uploaded from an administrator’s computer. Jenkins 2.424, LTS 2.414.2 creates the temporary file in a subdirectory with more restrictive permissions. As a workaround, you can change your default temporary-file directory using the Java system property java.io.tmpdir, if you’re concerned about this issue but unable to immediately update Jenkins.

Metadata

Created: 2023-09-20T18:30:21Z
Modified: 2025-05-02T18:54:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-55wp-3pq4-w8p9/GHSA-55wp-3pq4-w8p9.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-55wp-3pq4-w8p9
Finding: F056
Auto approve: 1