Description

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

Remediation

References

https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073

http://www.openwall.com/lists/oss-security/2023/09/20/5

Related Vulnerabilities

CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2022-46366 Vulnerability in maven package tapestry:tapestry

CVE-2018-1000194 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-27901 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-10290 Vulnerability in maven package org.jenkins-ci.plugins:netsparker-cloud-scan

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Tags

Vendor Advisory Mailing List Third Party Advisory NVD-CWE-noinfo