Incorrect Authorization Affecting jenkins package, versions <2.395-r0
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-WOLFILATEST-JENKINS-5847229
- published 21 Aug 2023
- disclosed 10 Mar 2023
Introduced: 10 Mar 2023
CVE-2023-27903 Open this link in a new tabHow to fix?
Upgrade Wolfi
jenkins
to version 2.395-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream jenkins
package and not the jenkins
package as distributed by Wolfi
.
See How to fix?
for Wolfi
relevant fixed versions and status.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.