CVE-2023-32981: Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability

May 16, 2023 (updated May 17, 2023)

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.

References

github.com/advisories/GHSA-6987-xccv-fhjp
nvd.nist.gov/vuln/detail/CVE-2023-32981
www.jenkins.io/security/advisory/2023-05-16/

Detect and mitigate CVE-2023-32981 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →