vulnerability
FreeBSD: VID-402FCCD0-5B6D-11EE-9898-00E081B7AA2D (CVE-2023-43497): jenkins -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:N) | Sep 20, 2023 | Sep 25, 2023 | Jan 28, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:N)
Published
Sep 20, 2023
Added
Sep 25, 2023
Modified
Jan 28, 2025
Description
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
Solution(s)
freebsd-upgrade-package-jenkinsfreebsd-upgrade-package-jenkins-lts
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.