Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-32981

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.

Published

2023-05-16T16:15:10.833

Last Modified

2025-01-23T21:15:11.753

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-787
Type: Secondary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	jenkins	pipeline_utility_steps	≤ 2.15.2	Yes

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196 Vendor Advisory ([email protected])
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)