CVE-2023-43741

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Dec 22, 2023

Updated: Jan 3, 2024

CWE ID 367

Summary

CVE-2023-43741 is a race condition vulnerability affecting Buildkite Elastic CI for AWS before versions 6.7.1 and 5.22.5. The issue lies in the "fix-buildkite-agent-builds-permissions" script where the PIPELINE_PATH variable is checked. An attacker can exploit this time-of-check-time-of-use vulnerability to bypass the symbolic link check and gain unauthorized access to build processes as the buildkite-agent user.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Buildkite Pty Ltd

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/swdnMq
https://www.cve.org/CVERecord?id=CVE-2023-43741
https://nvd.nist.gov/vuln/detail/CVE-2023-43741

Back to Vulnerability Database

CVE-2023-43741

CVSS 3.1 Score 7.0 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations