Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core(Maven) | 2.376 | 2.387.1 | N/A |
| org.jenkins-ci.main:jenkins-core(Maven) | 0 | 2.375.4 | N/A |
| org.jenkins-ci.main:jenkins-core(Maven) | 2.388 | 2.394 | N/A |
CVSS Metrics
