CVE-2023-32981

EUVD-2023-1480
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
jenkinspipeline_utility_steps
𝑥
≤ 2.15.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196