CVE-2023-43741

HIGH

Buildkite Elastic CI - Privilege Escalation

Title source: llm
STIX 2.1

Description

A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.

References (1)

Core 1

Scores

CVSS v3 7.0
EPSS 0.0019
EPSS Percentile 9.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (2)
buildkite/elastic-ci-stack-for-aws 0 - 6.7.1Go
buildkite/elastic_ci_stack < 5.22.5
Published Dec 22, 2023
Tracked Since Feb 18, 2026