Arbitrary Code Execution Vulnerability in Jenkins Plugin Installation

Arbitrary Code Execution Vulnerability in Jenkins Plugin Installation

CVE-2023-43496 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

Learn more about our Web Application Penetration Testing UK.