vulnerability
Red Hat OpenShift: CVE-2023-27903: Jenkins: Temporary file parameter created with insecure permissions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:L/AC:L/Au:S/C:P/I:P/A:N) | Mar 10, 2023 | May 10, 2023 | Aug 11, 2025 |
Severity
3
CVSS
(AV:L/AC:L/Au:S/C:P/I:P/A:N)
Published
Mar 10, 2023
Added
May 10, 2023
Modified
Aug 11, 2025
Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Solution
linuxrpm-upgrade-jenkins
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.