CVE-2023-43497

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-434
View all →

Vulnerability Description

In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.

Related Vulnerabilities

CVE-2012-2950

HIGH
CVSS:8.1(High)

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information.

CWE-4342012

CVE-2017-12615

HIGH
CVSS:8.1(High)

When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to th...

CWE-4342017

CVE-2017-12617

HIGH
CVSS:8.1(High)

When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the De...

CWE-4342017

CVE-2017-3189

HIGH
CVSS:8.1(High)

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publ...

CWE-4342017

CVE-2018-12528

HIGH
CVSS:8.1(High)

An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router ...

CWE-4342018

CVE-2021-20104

HIGH
CVSS:8.1(High)

Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insufficient sanitization of file attachments uploaded with forms through upload.php.

CWE-4342021