Description
A path traversal vulnerability exists in Jenkins 2.120 and older and LTS 2.107.2 and older, in FilePath.java and SoloFilePathFilter.java, that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Remediation
References
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2023-43496 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2021-39233 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.api
CVE-2016-4003 Vulnerability in maven package org.apache.struts:struts2-core