CVE-2023-27905
https://notcve.org/view.php?id=CVE-2023-27905
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-27904 – Jenkins: Information disclosure through error stack traces related to agents
https://notcve.org/view.php?id=CVE-2023-27904
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-2120 https://access.redhat.com/security/cve/CVE-2023-27904 https://bugzilla.redhat.com/show_bug.cgi?id=2177634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2023-27903 – Jenkins: Temporary file parameter created with insecure permissions
https://notcve.org/view.php?id=CVE-2023-27903
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the default permissions for newly created files. If these permissions are overly permissive, they may allow attackers with access to the Jenkins controller file system to read and write the file before it is used in the build. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058 https://access.redhat.com/security/cve/CVE-2023-27903 https://bugzilla.redhat.com/show_bug.cgi?id=2177632 • CWE-266: Incorrect Privilege Assignment CWE-863: Incorrect Authorization •
CVE-2023-27902 – Jenkins: Workspace temporary directories accessible through directory browser
https://notcve.org/view.php?id=CVE-2023-27902
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. A flaw was found in Jenkins. Jenkins uses temporary directories adjacent to workspace directories, usually with the @tmp name suffix, to store temporary files related to the build. In pipelines, these temporary directories are adjacent to the current working directory when operating in a subdirectory of the automatically allocated workspace. Jenkins-controlled processes, like SCMs, may store credentials in these directories. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807 https://access.redhat.com/security/cve/CVE-2023-27902 https://bugzilla.redhat.com/show_bug.cgi?id=2177630 • CWE-266: Incorrect Privilege Assignment •
CVE-2023-27901 – Jenkins: Denial of Service attack
https://notcve.org/view.php?id=CVE-2023-27901
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. A flaw was found in Jenkins. Affected versions of Jenkins use the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. • https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3030 https://access.redhat.com/security/cve/CVE-2023-27901 https://bugzilla.redhat.com/show_bug.cgi?id=2177646 • CWE-404: Improper Resource Shutdown or Release CWE-770: Allocation of Resources Without Limits or Throttling •