Home > Vulnerability Database > CVE-2023-27899

Mend.io Vulnerability Database

CVE-2023-27899

Good to know:

Date: March 8, 2023

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Language: Java

Severity Score

7.0

Related Resources (5)

Url: https://github.com/jenkinsci/jenkins/commit/f39c11fa27b14923260c4c9b896f0f373e2a0a17

Url: https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2823

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27899

Url: https://github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27899.json

Url: https://www.mend.io/vulnerability-database/CVE-2023-27899

Severity Score

7.0

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version org.jenkins-ci.main:jenkins-core:2.375.4,2.387.1,2.394

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27899

Good to know:

Date: March 8, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?