An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
References
Link | Resource |
---|---|
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196 | Vendor Advisory |
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196 | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:04
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196 - Vendor Advisory |
09 Jun 2023, 18:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
Information
Published : 2023-05-16 16:15
Updated : 2024-11-21 08:04
NVD link : CVE-2023-32981
Mitre link : CVE-2023-32981
CVE.ORG link : CVE-2023-32981
JSON object : View
Products Affected
jenkins
- pipeline_utility_steps
CWE
CWE-787
Out-of-bounds Write