6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-46655

GHSA ID

GHSA-9ggw-h9mf-4jh7

EPSS Score

0.50908%

CWE

CWE-22

Published

10/25/2023

Updated

11/11/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-46655

CVE-2023-46655:
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read

Jenkins CloudBees CD Plugin temporarily copies files from an agent workspace to the controller in preparation for publishing them in the 'CloudBees CD - Publish Artifact' post-build step.

CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the temporary directory on the controller when collecting the list of files to publish.

This allows attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.

CloudBees CD Plugin 1.1.33 ensures that only files located within the expected directory are published.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-46655

GHSA ID

GHSA-9ggw-h9mf-4jh7

EPSS Score

0.50908%

CWE

CWE-22

Published

10/25/2023

Updated

11/11/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.jenkins-ci.plugins:electricflow	maven	< 1.1.33	1.1.33

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper symlink handling during file collection for publishing. The removed getFilesFromDirectory() lacked symlink checks, while the original getFilesFromDirectoryWildcardDirScanner() lacked the toRealPath() containment check added in the patch. Both allowed resolving symlinks outside the temp directory. The ElectricFlowClient.uploadArtifact()'s file processing was modified to use the safer endpoint-specific logic, but the root vulnerability resided in FileHelper's file collection methods.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

J*nkins *lou****s ** Plu*in t*mpor*rily *opi*s *il*s *rom *n ***nt worksp*** to t** *ontroll*r in pr*p*r*tion *or pu*lis*in* t**m in t** '*lou****s ** - Pu*lis* *rti***t' post-*uil* st*p. *lou****s ** Plu*in *.*.** *n* **rli*r *ollows sym*oli* links

Reasoning

T** vuln*r**ility st*ms *rom improp*r symlink **n*lin* *urin* *il* *oll**tion *or pu*lis*in*. T** r*mov** `**t*il*s*rom*ir**tory()` l**k** symlink ****ks, w*il* t** ori*in*l `**t*il*s*rom*ir**toryWil***r**irS**nn*r()` l**k** t** `toR**lP*t*()` *ont*i

6.5

Basic Information

Concerned about an active attack path?

CVE-2023-46655: Jenkins CloudBees CD Plugin vulnerable to arbitrary file read

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-46655:
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read

Vulnerability Intelligence
Miggo AI