Description
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
Related Vulnerabilities
CVE-2017-4974 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server
CVE-2013-2115 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2012-3373 Vulnerability in maven package org.apache.wicket:wicket-request
CVE-2010-1157 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog