CVE-2023-43116

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Dec 22, 2023
Updated: Jan 3, 2024
CWE ID 59

Summary

CVE-2023-43116 is a symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5. The vulnerability allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. This vulnerability has a high severity level with a base score of 7.8 according to NVD@NIST. It poses a potential danger to organizations as it can allow unauthorized access and modification of sensitive data. To remediate this vulnerability, users should update their Buildkite Elastic CI for AWS to version 6.7.1 or 5.22.5 or later versions when they become available.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-43116 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options