Moderate severityNVD Advisory· Published Mar 8, 2023· Updated Feb 28, 2025
CVE-2023-27902
CVE-2023-27902
Description
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 2.376, < 2.387.1 | 2.387.1 |
org.jenkins-ci.main:jenkins-coreMaven | < 2.375.4 | 2.375.4 |
org.jenkins-ci.main:jenkins-coreMaven | >= 2.388, < 2.394 | 2.394 |
Affected products
9- osv-coords8 versionspkg:apk/chainguard/jenkinspkg:apk/chainguard/jenkins-compatpkg:apk/chainguard/jenkins-remotingpkg:apk/wolfi/jenkinspkg:apk/wolfi/jenkins-compatpkg:apk/wolfi/jenkins-remotingpkg:bitnami/jenkinspkg:maven/org.jenkins-ci.main/jenkins-core
< 2.395-r0+ 7 more
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.395-r0
- (no CPE)range: < 2.394.0
- (no CPE)range: >= 2.376, < 2.387.1
- Range: 2.394
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-cj6r-8pxj-5jv6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-27902ghsaADVISORY
- www.jenkins.io/security/advisory/2023-03-08/ghsavendor-advisoryWEB
- github.com/CVEProject/cvelist/blob/master/2023/27xxx/CVE-2023-27902.jsonghsaWEB
- github.com/jenkinsci/jenkins/commit/80452662b31ac6c9f4418cffae1af6af4daf479aghsaWEB
News mentions
1- Jenkins Security Advisory 2023-03-08Jenkins Security Advisories · Mar 8, 2023