Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI

Incorrect Authorization in Jenkins Core

When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input.

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier, and , and LTS prior to 2.387.1 creates this temporary file in the default temporary directory with the default permissions for newly created files.

If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build.

This vulnerability only affects operating systems using a shared temporary directory for all users (typically Linux). Additionally, the default permissions for newly created files generally only allows attackers to read the temporary file.
Jenkins 2.394, LTS 2.375.4, and LTS 2.387.1 creates the temporary file with more restrictive permissions.

As a workaround, you can set a different path as your default temporary directory using the Java system property java.io.tmpdir, if you’re concerned about this issue but unable to immediately update Jenkins.

Permalink: https://github.com/advisories/GHSA-584m-7r4m-8j6v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 year ago
Updated: 4 months ago

CVSS Score: 3.6
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Identifiers: GHSA-584m-7r4m-8j6v, CVE-2023-27903
References:

Repository: https://github.com/CVEProject/cvelist
Blast Radius: 1.0

Affected Packages

maven:org.jenkins-ci.main:jenkins-core

Affected Version Ranges: >= 2.388, < 2.394, >= 2.376, < 2.387.1, < 2.375.4
Fixed in: 2.394, 2.387.1, 2.375.4