Description
An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.
Remediation
References
https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196