Description
A path traversal vulnerability in FilePath.java and SoloFilePathFilter.java in Jenkins 2.120 and older, and LTS 2.107.2 and older, allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Remediation
References
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2011-1184 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2022-41654 Vulnerability in npm package ghost
CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard-impl
CVE-2023-49395 Vulnerability in maven package com.jfinal:jfinal
CVE-2023-3431 Vulnerability in maven package net.sourceforge.plantuml:plantuml