CVE-2023-32981
First published: Tue May 16 2023(Updated: )
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Credit: jenkinsci-cert@googlegroups.com jenkinsci-cert@googlegroups.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=2.15.2 | ||
| Jenkins Pipeline Utility Steps | <=2.15.2 | |
| maven/org.jenkins-ci.plugins:pipeline-utility-steps | <2.15.3 | 2.15.3 |
| redhat/Pipeline Utility Steps Plugin | <2.15.3 | 2.15.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2023-32981
- https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
- https://github.com/jenkinsci/pipeline-utility-steps-plugin/commit/0ba4f329ee27c023609653e25bdd5604c5e46a11
- https://github.com/advisories/GHSA-6987-xccv-fhjp (Advisory)
- https://access.redhat.com/errata/RHSA-2023:3610
- https://access.redhat.com/errata/RHSA-2023:3663
- https://access.redhat.com/errata/RHSA-2023:3625
- https://access.redhat.com/security/cve/cve-2023-32981
- https://bugzilla.redhat.com/show_bug.cgi?id=2207835
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-6987-xccv-fhjp
- alias/CVE-2023-32981
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- collector/github-advisory
- source/GitHub
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- collector/nvd-cve
- source/NVD
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/jenkins
- canonical/jenkins pipeline utility steps
- version/jenkins pipeline utility steps/2.15.2
- package-manager/maven
- package-manager/redhat