Jenkins CloudBees CD Plugin 1.1.32 Symlink Following Enables File Deletion
CVE-2023-46654 Published on October 25, 2023

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.
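
A cleanup routine that avoids this class of bug, as an added example; it is not the plugin's code, which this page does not show. The class name, method name and directory layout are assumptions constructed for the illustration.

```java
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;

public class SafeCleanup {
    // Deletes 'dir' and its contents, but only if it really lives under 'expectedRoot'.
    static void deleteTree(Path expectedRoot, Path dir) throws IOException {
        Path root = expectedRoot.toRealPath();   // resolves links in the root itself
        Path real = dir.toRealPath();            // where 'dir' actually points
        if (!real.startsWith(root)) {
            throw new IOException("refusing cleanup outside " + root + ": " + real);
        }
        // No FOLLOW_LINKS option: a symlink is visited as a file and never descended into.
        Files.walkFileTree(real, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path f, BasicFileAttributes a) throws IOException {
                Files.delete(f);                 // on a symlink this removes the link only
                return FileVisitResult.CONTINUE;
            }
            @Override
            public FileVisitResult postVisitDirectory(Path d, IOException e) throws IOException {
                if (e != null) throw e;
                Files.delete(d);
                return FileVisitResult.CONTINUE;
            }
        });
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: tmp/outside/keep.txt, tmp/workspace/artifacts/{a.txt, link -> outside}
        Path tmp = Files.createTempDirectory("cleanup-demo");
        Path outside = Files.createDirectory(tmp.resolve("outside"));
        Path keep = Files.writeString(outside.resolve("keep.txt"), "controller file");
        Path workspace = Files.createDirectory(tmp.resolve("workspace"));
        Path artifacts = Files.createDirectory(workspace.resolve("artifacts"));
        Files.writeString(artifacts.resolve("a.txt"), "build output");
        Files.createSymbolicLink(artifacts.resolve("link"), outside);
        deleteTree(workspace, artifacts);
        System.out.println("artifacts removed: " + Files.notExists(artifacts));
        System.out.println("outside file kept: " + Files.exists(keep));
        // A cleanup directory that is itself a link out of the workspace is refused.
        Path redirected = Files.createSymbolicLink(workspace.resolve("artifacts2"), outside);
        try { deleteTree(workspace, redirected); }
        catch (IOException ex) { System.out.println("refused: " + ex.getMessage()); }
    }
}
```

The containment check and the walk are separate steps, so a path swapped between them can still race the cleanup; where the platform supports it, `SecureDirectoryStream` closes that window.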


Affected Versions

Jenkins Project Jenkins CloudBees CD Plugin:

Exploit Probability

EPSS: 0.12%
Percentile: 30.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.