Description
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
Related Vulnerabilities
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack
CVE-2020-35200 Vulnerability in maven package org.igniterealtime.openfire.plugins:clientcontrol
CVE-2015-5351 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2020-2214 Vulnerability in maven package org.jenkins-ci.plugins:zap-pipeline
CVE-2022-34813 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer