CVE-2023-43498 – This vulnerability in Jenkins allows attackers ... (How to Fix)

Q: What is the severity of CVE-2023-43498?

CVE-2023-43498 has a CVSS score of 8.1 (HIGH). This vulnerability in Jenkins allows attackers with file system access to read and write temporary files created during file uploads before Jenkins processes them. It affects Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier. Attackers could potentially access sensitive data or inject malicious content.

📋 TL;DR

This vulnerability in Jenkins allows attackers with file system access to read and write temporary files created during file uploads before Jenkins processes them. It affects Jenkins 2.423 and earlier, and LTS 2.414.1 and earlier. Attackers could potentially access sensitive data or inject malicious content.

💻 Affected Systems

Products:

Jenkins

Versions: Jenkins 2.423 and earlier, Jenkins LTS 2.414.1 and earlier

Operating Systems: All operating systems running affected Jenkins versions

Default Config Vulnerable: ⚠️ Yes

Notes: All default installations of affected versions are vulnerable. The vulnerability exists in the MultipartFormDataParser component.

📦 What is this software?

Jenkins by Jenkins

View all CVEs affecting Jenkins →

Jenkins by Jenkins

View all CVEs affecting Jenkins →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive data from temporary files or inject malicious content that gets processed by Jenkins, potentially leading to data theft, code execution, or system compromise.

🟠

Likely Case

Attackers with existing file system access could read temporary files containing potentially sensitive upload data before Jenkins processes them.

🟢

If Mitigated

With proper file system access controls, the impact is limited as attackers would need prior access to exploit this vulnerability.

🌐 Internet-Facing: LOW - This requires file system access, which internet-facing systems typically restrict.

🏢 Internal Only: MEDIUM - Internal attackers with file system access could exploit this, but they would need specific permissions.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires file system access to the Jenkins controller, which typically requires some level of existing access or privilege.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Jenkins 2.424, Jenkins LTS 2.414.2

Vendor Advisory: https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073

Restart Required: Yes

Instructions:

1. Backup your Jenkins instance. 2. Upgrade to Jenkins 2.424 or Jenkins LTS 2.414.2 or later. 3. Restart Jenkins service. 4. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Restrict file system access

all

Limit file system access to Jenkins controller to trusted users only

Use secure temporary directory

all

Configure Jenkins to use a secure temporary directory with restricted permissions

Set java.io.tmpdir system property to a secure location

🧯 If You Can't Patch

Implement strict file system access controls to limit who can access Jenkins controller files
Monitor file system access logs for suspicious activity on Jenkins temporary directories

🔍 How to Verify

Check if Vulnerable:

Check Jenkins version via Manage Jenkins > About Jenkins or via CLI with 'java -jar jenkins.war --version'

Check Version:

java -jar jenkins.war --version

Verify Fix Applied:

Verify Jenkins version is 2.424 or later, or LTS 2.414.2 or later

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns in Jenkins temporary directories
Multiple failed file upload attempts

Network Indicators:

Unusual file upload patterns to Jenkins

SIEM Query:

source="jenkins.log" AND ("temporary file" OR "upload" OR "MultipartFormDataParser")

📊 Metadata

CVE ID: CVE-2023-43498

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE: CWE-377

Published: September 20, 2023

Last Updated: November 21, 2024

🔗 References

http://www.openwall.com/lists/oss-security/2023/09/20/5 Mailing List,Third Party Advisory
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/09/20/5 Mailing List,Third Party Advisory
https://www.jenkins.io/security/advisory/2023-09-20/#SECURITY-3073 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-43498, you might also want to check these: