buildkite CVE Vulnerabilities & CVE List (2)

Products (CPE): — CVEs: 2

buildkite vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to buildkite, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2023-43741	A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.	[email protected]	7.0	0.04%	2023-12-22	2024-11-21
CVE-2023-43116	A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.	[email protected]	7.8	0.08%	2023-12-22	2024-11-21

cvelogic Threat Intelligence