CVE-2023-43116
HIGH
7.8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0009
Percentile
0.3th
CWE-59: Improper Link Resolution Before File Access ('Link Following')
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Access Control
Other
Potential Impacts:
Read Files Or Directories
Modify Files Or Directories
Bypass Protection Mechanism
Execute Unauthorized Code Or Commands
Applicable Platforms
Operating Systems:
Windows, Unix
Application
Elastic CI Stack by Buildkite
Version Range Affected
From
6.0.0
(inclusive)
To
6.7.1
(exclusive)
CPE Identifier
cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Elastic CI Stack by Buildkite
Version Range Affected
To
5.22.5
(exclusive)
CPE Identifier
cpe:2.3:a:buildkite:elastic_ci_stack:*:*:*:*:*:aws:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md