CVE-2023-43496

EPSS 0.25% · P48

I. Basic Information for CVE-2023-43496

Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
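Jenkins is an application open-sourced by Jenkins. An open-source automation server, Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins has a security vulnerability that stems from creating a temporary file in the system temporary directory when installing a plugin from a URL. The file has the default permissions for newly created files, which may allow an attacker with access to the system temporary directory to replace the file.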
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor | Product | Affected Versions | CPE
Jenkins Project | Jenkins | 2.424 ~ * | -

II. Public POCs for CVE-2023-43496


No public POC found.


III. Intelligence Information for CVE-2023-43496


Same Patch Batch · Jenkins Project · 2023-09-20 · 9 CVEs total

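CVE-2023-43498: Jenkins Security Vulnerability
CVE-2023-43502: Jenkins Plugin Build Failure Analyzer Cross-Site Request Forgery Vulnerability
CVE-2023-43501: Jenkins Plugin Build Failure Analyzer Security Vulnerability
CVE-2023-43500: Jenkins Plugin Build Failure Analyzer Cross-Site Request Forgery Vulnerability
CVE-2023-43499: Jenkins Plugin Build Failure Analyzer Cross-Site Scripting Vulnerability
CVE-2023-43497: Jenkins Code Issue Vulnerability
CVE-2023-43495: Jenkins Cross-Site Scripting Vulnerability
CVE-2023-43494: Jenkins Security Vulnerability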
