Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. https://www.jenkins.io/security/advisory/2023-03-08/#SECURITY-3058
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:1655 https://access.redhat.com/errata/RHSA-2023:1655
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-27903
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2023:3195 https://access.redhat.com/errata/RHSA-2023:3195
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2023:3198 https://access.redhat.com/errata/RHSA-2023:3198
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.13 Via RHSA-2023:3622 https://access.redhat.com/errata/RHSA-2023:3622
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2023:3663 https://access.redhat.com/errata/RHSA-2023:3663
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2024:0778 https://access.redhat.com/errata/RHSA-2024:0778
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2024:0775 https://access.redhat.com/errata/RHSA-2024:0775