CVE-2023-43116 | Buildkite Elastic CI for AWS up to 5.22.4/6.7.0 PIPELINE_PATH symlink (ATREDIS-2023-0003)

Posted by Angelo Barbosa | Dec 22, 2023 | CVE

A vulnerability classified as critical has been found in Buildkite Elastic CI for AWS up to 5.22.4/6.7.0. Affected is an unknown function. The manipulation of the argument PIPELINE_PATH leads to symlink following.

This vulnerability is traded as CVE-2023-43116. The attack needs to be approached within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-43116 | Buildkite Elastic CI for AWS up to 5.22.4/6.7.0 PIPELINE_PATH symlink (ATREDIS-2023-0003)

Related Posts

CVE-2024-3491 | Schema & Structured Data for WP & AMP Plugin up to 1.29 on WordPress How To/FAQ Block cross site scripting

CVE-2024-2683 | Campcodes Online Job Finder System 1.0 /admin/company/index.php view cross site scripting

CVE-2024-21668 | mrousavy react-native-mmkv up to 2.10.x log file (GHSA-4jh3-6jhv-2mgp)

CVE-2023-49149 | CurrencyRate Currency Converter Calculator Plugin up to 1.3.1 on WordPress cross site scripting