Description
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
Remediation
References
http://www.openwall.com/lists/oss-security/2023/09/20/5
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
Related Vulnerabilities
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2019-12400 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2022-23974 Vulnerability in maven package org.apache.pinot:pinot-server
CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding
CVE-2020-7684 Vulnerability in npm package rollup-plugin-serve-favicon