7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43496

GHSA ID

GHSA-55wp-3pq4-w8p9

EPSS Score

0.35039%

CWE

CWE-276

Published

9/20/2023

Updated

1/4/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-43496

CVE-2023-43496:
Jenkins temporary plugin file created with insecure permissions

Jenkins creates a temporary file when a plugin is deployed directly from a URL.

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates this temporary file in the system temporary directory with the default permissions for newly created files.

If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

This vulnerability only affects operating systems using a shared temporary directory for all users (typically Linux). Additionally, the default permissions for newly created files generally only allow attackers to read the temporary file, but not write to it.

This issue complements SECURITY-2823, which affected plugins uploaded from an administrator’s computer. Jenkins 2.424, LTS 2.414.2 creates the temporary file in a subdirectory with more restrictive permissions.

As a workaround, you can change your default temporary-file directory using the Java system property java.io.tmpdir, if you’re concerned about this issue but unable to immediately update Jenkins.

(GitHub Advisory)

7

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-43496

GHSA ID

GHSA-55wp-3pq4-w8p9

EPSS Score

0.35039%

CWE

CWE-276

Published

9/20/2023

Updated

1/4/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.main:jenkins-core	maven	>= 2.50, < 2.414.2	2.414.2
org.jenkins-ci.main:jenkins-core	maven	>= 2.415, < 2.424	2.424

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure temporary file handling in plugin installation. The commit diff shows the patched version adds a secure subdirectory (tmpDir) parameter to File.createTempFile(), while the original vulnerable code used the system temp directory. The doUploadPlugin method is directly responsible for this file creation operation. The security advisory specifically mentions this code path as the source of insecure file permissions when deploying plugins from URLs, and the test cases added in PluginManagerSecurity3072Test.java validate the permission changes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *r**t*s * t*mpor*ry *il* w**n * plu*in is **ploy** *ir**tly *rom * URL. J*nkins *.*** *n* **rli*r, LTS *.***.* *n* **rli*r *r**t*s t*is t*mpor*ry *il* in t** syst*m t*mpor*ry *ir**tory wit* t** ****ult p*rmissions *or n*wly *r**t** *il*s. I

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* t*mpor*ry *il* **n*lin* in plu*in inst*ll*tion. T** *ommit *i** s*ows t** p*t**** v*rsion ***s * s**ur* su**ir**tory (tmp*ir) p*r*m*t*r to `*il*.*r**t*T*mp*il*()`, w*il* t** ori*in*l vuln*r**l* *o** us** t** syst

7

Basic Information

Concerned about an active attack path?

CVE-2023-43496: Jenkins temporary plugin file created with insecure permissions

7

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-43496:
Jenkins temporary plugin file created with insecure permissions

Vulnerability Intelligence
Miggo AI