Description
A path traversal vulnerability exists in Jenkins 2.120 and older, and LTS 2.107.2 and older, in FilePath.java and SoloFilePathFilter.java. It allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
Remediation
References
https://jenkins.io/security/advisory/2018-05-09/#SECURITY-788
https://www.oracle.com/security-alerts/cpuapr2022.html