CVE-2023-43116

Published: Dec 22, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.

Affected (2)

Products: Buildkite: Elastic Ci Stack

1 product

Elastic Ci Stack

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Buildkite Elastic Ci Stack	Before 5.22.5
Buildkite Elastic Ci Stack	From 6.0.0 to 6.7.1

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.