Vulnerabilities > CVE-2023-27903 - Incorrect Authorization vulnerability in Jenkins

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
local
low complexity
jenkins
CWE-863
NVD
Published: 2023-03-10
Updated: 2023-03-15

Summary

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.

Vulnerable Configurations

Part Description Count
Application
Jenkins
1092

Common Weakness Enumeration (CWE)

References