Posted on March 6

Red Hat OpenShift: CVE-2023-27899: Jenkins: Temporary plugin file created with insecure permissions

Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 03/10/2023
Created: 05/10/2023
Added: 05/10/2023
Modified: 01/28/2025

Description

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.

Solution(s)

linuxrpm-upgrade-jenkins

References

https://attackerkb.com/topics/cve-2023-27899
CVE - 2023-27899
RHSA-2023:1655
RHSA-2023:3663