CVE-2023-43498

CVSS v3 Score: 8.1 (High)

Vulnerability Description

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

CVSS:8.2(High)

Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.

CVSS:8.2(High)

Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.

CVSS:7.8(High)

GitLab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component, resulting in remote code execution.

CVSS:7.8(High)

A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged...

CVSS:7.8(High)

Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious us...

CVSS:7.8(High)

A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be i...