| purl | pkg:rpm/redhat/jenkins@2.387.1.1683009763-3?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 2.4 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-432r-ukuw-4bgt (Aliases: CVE-2023-27903, GHSA-584m-7r4m-8j6v) | Incorrect Authorization: Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. | There are no reported fixed by versions. |
| VCID-6925-fwf4-f7df (Aliases: CVE-2023-27904, GHSA-rrgp-c2w8-6vg6) | Generation of Error Message Containing Sensitive Information: Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T13:55:08.126337+00:00 | RedHat Importer | Affected by | VCID-6925-fwf4-f7df | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27904.json | 38.0.0 |
| 2026-04-01T13:55:07.844456+00:00 | RedHat Importer | Affected by | VCID-432r-ukuw-4bgt | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27903.json | 38.0.0 |