{"id":"CVE-2023-43116","details":"A symbolic link following vulnerability in Buildkite Elastic CI for AWS versions prior to 5.22.5, and 6.x versions prior to 6.7.1, allows the buildkite-agent user to change ownership of arbitrary directories via the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script.","aliases":["GHSA-7c44-7j7v-w554"],"modified":"2026-04-10T05:03:52.886960Z","published":"2023-12-22T10:15:11.110Z","references":[{"type":"EVIDENCE","url":"https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0003.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/buildkite/elastic-ci-stack-for-aws","events":[{"introduced":"0"},{"fixed":"f3f9ff8b29696091f5cca05477c0756aa8ad3cee"},{"introduced":"aec74ffe818542e83c6221c48b7a21d4383fef78"},{"fixed":"7b3b8a91a094865d0c1f576da0ae82d822a1bd16"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.22.5"},{"introduced":"6.0.0"},{"fixed":"6.7.1"}]}}],"versions":["v1.0","v1.1","v1.1.1","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0-rc4","v2.0.0-rc5","v2.0.0-rc6","v2.0.0-rc7","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.1.2","v2.2.0","v2.2.0-rc1","v2.2.0-rc2","v2.2.0-rc3","v2.2.0-rc4","v2.3.0","v2.3.1","v2.3.5-rc1","v3.0.0","v3.0.0-rc1","v3.1.0","v3.1.1","v3.2.0","v3.2.1","v4.0.0","v4.0.0-rc1","v4.0.0-rc2","v4.0.0-rc3","v4.0.1","v4.0.2","v4.0.3","v4.0.4","v4.1.0","v4.2.0","v4.3.0","v4.3.1","v4.3.2","v5.0.0","v5.0.0-beta1","v5.1.0","v5.10.0","v5.11.0","v5.11.2","v5.12.0","v5.13.0","v5.14.0","v5.15.0","v5.17.0","v5.18.0","v5.19.0","v5.2.0","v5.20.0","v5.21.0","v5.22.0","v5.22.1","v5.22.2","v5.22.3","v5.22.4","v5.3.0","v5.3.1","v5.3.2","v5.6.1","v6.0.0","v6.1.0","v6.2.0","v6.3.0","v6.4.0","v6.5.0","v6.6.0","v6.7.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-43116.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}