VuXML: jenkins -- multiple vulnerabilities

Affected packages

jenkins

2.394

jenkins-lts

2.387.1

Details

VuXML ID	f68bb358-be8e-11ed-9215-00e081b7aa2d
Discovery	2023-03-08
Entry	2023-03-09

VuXML ID

f68bb358-be8e-11ed-9215-00e081b7aa2d

Discovery

2023-03-08

Entry

2023-03-09

Jenkins Security Advisory:

Description

(High) SECURITY-3037 / CVE-2023-27898

XSS vulnerability in plugin manager

(Medium) SECURITY-3030 / CVE-2023-24998 (upstream issue), CVE-2023-27900 (MultipartFormDataParser), CVE-2023-27901 (StaplerRequest)

DoS vulnerability in bundled Apache Commons FileUpload library

(Medium) SECURITY-1807 / CVE-2023-27902

Workspace temporary directories accessible through directory browser

(Low) SECURITY-3058 / CVE-2023-27903

Temporary file parameter created with insecure permissions

(Low) SECURITY-2120 / CVE-2023-27904

Information disclosure through error stack traces related to agents

[source]

References

CVE Name

CVE-2023-24998

CVE Name

CVE-2023-27898

CVE Name

CVE-2023-27900

CVE Name

CVE-2023-27901

CVE Name

CVE-2023-27902

CVE Name

CVE-2023-27903

CVE Name

CVE-2023-27904

URL

https://www.jenkins.io/security/advisory/2023-03-08/