{"vulnerability": "CVE-2023-43496", "sightings": [{"uuid": "f74dc153-2ec6-4642-944f-3d2a3c5a8e1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43496", "type": "seen", "source": "https://t.me/arpsyndicate/2382", "content": "#ExploitObserverAlert\n\nCVE-2023-43496\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-43496. Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.\n\nFIRST-EPSS: 0.000550000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2024-01-03T23:29:41.000000Z"}, {"uuid": "b5a8670e-4a6f-42fa-8348-e10208d43da7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43496", "type": "seen", "source": "https://t.me/cibsecurity/70805", "content": "\u203c CVE-2023-43496 \u203c\n\nJenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-20T20:30:16.000000Z"}, {"uuid": "8ab44a7a-e23f-4176-ad2b-e30d352b165e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43496", "type": "seen", "source": "https://t.me/ctinow/180736", "content": "https://ift.tt/eJL1NGj\nCVE-2023-43496 | Oracle Communications Cloud Native Core Security Edge Protection Proxy Dashboard default permission", "creation_timestamp": "2024-02-07T15:17:02.000000Z"}, {"uuid": "a1c284a9-277e-4e9a-aaad-146ea68a931f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43496", "type": "seen", "source": "https://t.me/ctinow/180735", "content": "https://ift.tt/GR5ZHFD\nCVE-2023-43496 | Oracle Communications Cloud Native Core Network Repository Function Install/Upgrade default permission", "creation_timestamp": "2024-02-07T15:17:01.000000Z"}, {"uuid": "897c913b-73f6-4932-a558-c1270cade395", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43496", "type": "seen", "source": "https://t.me/ctinow/180734", "content": "https://ift.tt/Eqy6tSh\nCVE-2023-43496 | Oracle Communications Cloud Native Core Automated Test Suite ATS Framework default permission", "creation_timestamp": "2024-02-07T15:16:59.000000Z"}]}