Jenkins CloudBees CD Plugin <1.1.32 Symlink Attack Publishes Arbitrary Files
CVE-2023-46655 Published on October 25, 2023
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.
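A path-containment check for the kind of symlink following described above, as an added example (not the plugin's code or its fix). The names `split_artifacts` and `demo` and the sample file layout are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def split_artifacts(artifact_dir):
    """Walk artifact_dir and return (publishable, rejected) relative paths.

    An entry is rejected when its fully resolved location lies outside
    artifact_dir, which is what a symlink pointing elsewhere on the
    file system produces.
    """
    base = Path(artifact_dir).resolve(strict=True)
    publishable, rejected = [], []
    # followlinks=False: never descend through a symlinked directory.
    for root, dirs, files in os.walk(base, followlinks=False):
        for name in sorted(dirs + files):
            entry = Path(root) / name
            if not entry.is_symlink() and entry.is_dir():
                continue  # real directory: os.walk visits its contents
            rel = entry.relative_to(base).as_posix()
            try:
                target = entry.resolve(strict=True)
            except (OSError, RuntimeError):
                rejected.append(rel)  # dangling link or link loop
                continue
            # Conservative: directory links are rejected even if they stay inside.
            if target.is_relative_to(base) and target.is_file():
                publishable.append(rel)
            else:
                rejected.append(rel)
    return sorted(publishable), sorted(rejected)


def demo():
    """Constructed sample: one real file, one safe link, two escaping links."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        outside = tmp / "controller-file.txt"  # stands in for a controller file
        outside.write_text("constructed sample\n")
        ws = tmp / "workspace" / "artifacts"
        (ws / "build").mkdir(parents=True)
        (ws / "build" / "app.jar").write_text("jar")
        os.symlink(ws / "build" / "app.jar", ws / "latest.jar")  # stays inside
        os.symlink(outside, ws / "report.txt")  # file link that escapes
        os.symlink(tmp, ws / "logs")  # directory link that escapes
        return split_artifacts(ws)
```

The check only holds if the file that is later read is the resolved path that was checked, so a publisher should open the resolved target rather than re-walking the original name.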
Affected Versions
Jenkins Project Jenkins CloudBees CD Plugin: versions up to and including 1.1.32 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.