Vulnerability Details : CVE-2023-27902

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.

Published 2023-03-10 21:15:16

Updated 2023-03-16 17:15:39

Source Jenkins Project

View at NVD, CVE.org

Threat overview for CVE-2023-27902

Top countries where our scanners detected CVE-2023-27902

Top open port discovered on systems with this issue 22

IPs affected by CVE-2023-27902 43,023

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2023-27902!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2023-27902

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 11 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-27902

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	2.8	1.4	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

References for CVE-2023-27902

https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-1807

Jenkins Security Advisory 2023-03-08
Vendor Advisory

Products affected by CVE-2023-27902

Jenkins » Jenkins »
Versions before (<) 2.394
cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*
Matching versions
Jenkins » Jenkins » LTS Edition
Versions before (<) 2.375.4
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Matching versions