VYPR
High severity8.8NVD Advisory· Published Sep 20, 2023· Updated Jun 17, 2026

CVE-2023-43496

CVE-2023-43496

Description

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jenkins-ci.main:jenkins-coreMaven
>= 2.50, < 2.414.22.414.2
org.jenkins-ci.main:jenkins-coreMaven
>= 2.415, < 2.4242.424

Affected products

3

Patches

Vulnerability mechanics

References

5

News mentions

1