CVE-2023-43497
https://notcve.org/view.php?id=CVE-2023-43497
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. En Jenkins 2.423 y versiones anteriores, LTS 2.414.1 y anteriores, el procesamiento de cargas de archivos utilizando el framework web Stapler crea archivos temporales en el directorio temporal predeterminado del sistema con los permisos predeterminados para archivos recién creados, lo que potencialmente permite a los atacantes acceder al sistema de archivos del controlador Jenkins leer y escribir los archivos antes de utilizarlos. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2023-43496
https://notcve.org/view.php?id=CVE-2023-43496
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores crean un archivo temporal en el directorio temporal del sistema con los permisos predeterminados para archivos recién creados al instalar un complemento desde una URL, lo que potencialmente permite a los atacantes con acceso al directorio temporal del sistema reemplazar el archivo antes de instalarlo en Jenkins, lo que podría provocar la ejecución de código arbitrario. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3072 • CWE-276: Incorrect Default Permissions •
CVE-2023-43495
https://notcve.org/view.php?id=CVE-2023-43495
Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. Jenkins 2.423 y anteriores, LTS 2.414.1 y anteriores no escapan al valor del parámetro constructor 'caption' de 'ExpandableDetailsNote', lo que genera una vulnerabilidad de Store Cross-Site Scripting (XSS) que pueden explotar los atacantes capaces de controlar este parámetro. • http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43494
https://notcve.org/view.php?id=CVE-2023-43494
Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. Jenkins 2.50 a 2.423 (ambos inclusive), LTS 2.60.1 a 2.414.1 (ambos inclusive) no excluye variables de compilación confidenciales (por ejemplo, valores de parámetros de contraseña) de la búsqueda en el widget del historial de compilación, lo que permite a los atacantes con permiso de elemento/lectura. para obtener valores de variables sensibles utilizadas en compilaciones probando iterativamente diferentes caracteres hasta que se descubre la secuencia correcta. • https://github.com/mqxmm/CVE-2023-43494 http://www.openwall.com/lists/oss-security/2023/09/20/5 https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3261 •
CVE-2023-39151
https://notcve.org/view.php?id=CVE-2023-39151
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. • http://www.openwall.com/lists/oss-security/2023/07/26/2 https://www.jenkins.io/security/advisory/2023-07-26/#SECURITY-3188 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •