Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Remediation
References
https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
Related Vulnerabilities
CVE-2017-16047 Vulnerability in npm package mysqljs
CVE-2022-31186 Vulnerability in npm package next-auth
CVE-2020-2132 Vulnerability in maven package com.parasoft:environment-manager
CVE-2017-4963 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2013-4517 Vulnerability in maven package org.apache.santuario:xmlsec