PT-2023-21408 · Jenkins · Jenkins

Markus Winter · Published 2023-03-08 · Updated 2025-02-28 · CVE-2023-27902

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Jenkins versions 2.393 and earlier
Jenkins LTS versions 2.375.3 and earlier
Jenkins versions prior to LTS 2.387.1

Description

The issue allows attackers with Item/Workspace permission to access the contents of temporary directories related to job workspaces. These temporary directories are used by Jenkins to store temporary files related to the build and may contain credentials stored by Jenkins-controlled processes.

Recommendations

For Jenkins versions 2.393 and earlier, consider updating to version 2.394 or later.
For Jenkins LTS versions 2.375.3 and earlier, consider updating to version 2.375.4 or later.
For versions prior to LTS 2.387.1, consider updating to version LTS 2.387.1 or later.
As a temporary workaround, do not grant Item/Workspace permission to users who lack Item/Configure permission.
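
One way to audit an instance against the temporary workaround is to list principals that hold Item/Workspace without Item/Configure. This is an added example, not code from the advisory or from the Jenkins project. It assumes the instance uses the Matrix Authorization Strategy plugin, which records grants as permission entries in config.xml; the sample XML and the UNTYPED label are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WORKSPACE = "hudson.model.Item.Workspace"
CONFIGURE = "hudson.model.Item.Configure"
ADMINISTER = "hudson.model.Hudson.Administer"  # Overall/Administer implies all others

# Constructed sample, not taken from a real instance.
SAMPLE_CONFIG = """\
<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>USER:hudson.model.Hudson.Administer:admin</permission>
    <permission>USER:hudson.model.Item.Workspace:admin</permission>
    <permission>GROUP:hudson.model.Item.Configure:developers</permission>
    <permission>GROUP:hudson.model.Item.Workspace:developers</permission>
    <permission>GROUP:hudson.model.Item.Read:qa</permission>
    <permission>GROUP:hudson.model.Item.Workspace:qa</permission>
    <permission>hudson.model.Item.Workspace:contractor</permission>
  </authorizationStrategy>
</hudson>
"""

def parse_grants(config_xml):
    """Map each (kind, principal) to the set of permission IDs granted to it."""
    grants = defaultdict(set)
    for node in ET.fromstring(config_xml).iter("permission"):
        text = (node.text or "").strip()
        parts = text.split(":", 2)
        if len(parts) == 3 and parts[0] in ("USER", "GROUP"):
            kind, perm, sid = parts              # typed entry: KIND:PERMISSION:sid
        elif len(parts) >= 2:
            kind = "UNTYPED"                     # legacy entry: PERMISSION:sid
            perm, sid = text.split(":", 1)       # the sid may itself contain ':'
        else:
            continue                             # not a grant entry
        grants[(kind, sid)].add(perm)
    return grants

def workspace_without_configure(config_xml):
    """Principals with Item/Workspace but neither Item/Configure nor Administer."""
    return sorted(
        who for who, perms in parse_grants(config_xml).items()
        if WORKSPACE in perms and CONFIGURE not in perms and ADMINISTER not in perms
    )

if __name__ == "__main__":
    for kind, sid in workspace_without_configure(SAMPLE_CONFIG):
        print(f"{kind} {sid}: Item/Workspace without Item/Configure")
```

The check covers direct grants in the XML it is given only: it does not resolve group membership, so a user flagged here may still receive Item/Configure through a group. Per-item grants stored in a job's own config.xml need to be passed through the same function separately.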

Exploit

Fix

Related Identifiers

BIT-JENKINS-2023-27902
CVE-2023-27902
GHSA-CJ6R-8PXJ-5JV6
RHSA-2023:3299

Affected Products

Jenkins