Description
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
Remediation
References
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072
http://www.openwall.com/lists/oss-security/2023/09/20/5
Related Vulnerabilities
CVE-2020-27782 Vulnerability in maven package io.undertow:undertow-servlet
CVE-2020-4076 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-49374 Vulnerability in maven package com.jfinal:jfinal
CVE-2021-36374 Vulnerability in maven package org.apache.ant:ant
CVE-2023-24429 Vulnerability in maven package org.jenkins-ci.plugins:semantic-versioning-plugin