Description
The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier, may interpret some file paths as absolute on Windows. This results in a path traversal vulnerability that allows attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
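The following added example illustrates the general class of flaw described above, where a requested path is treated as absolute on Windows and escapes the directory being browsed. It is not Jenkins code and does not reproduce the specific Jenkins defect; `ROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, the paths are constructed, and Python's `ntpath` module is used so that Windows path rules apply on any operating system.

```python
import ntpath

# Constructed workspace root for the example (assumption, not from the advisory).
ROOT = "C:\\ws\\job"

def naive_resolve(root, requested):
    """Join without checking whether `requested` is itself absolute.

    On Windows, joining onto a path that carries a drive letter or a leading
    backslash discards some or all of `root`.
    """
    return ntpath.normpath(ntpath.join(root, requested))

def safe_resolve(root, requested):
    """Return the resolved path if it stays under `root`, otherwise None.

    The check is lexical only: it does not resolve symlinks or junctions.
    """
    # Treat forward slashes as separators, as Windows does.
    requested = requested.replace("/", "\\")
    drive, tail = ntpath.splitdrive(requested)
    # Reject drive letters (C:\x and drive-relative C:x), UNC shares
    # (\\server\share\x) and rooted paths (\x).
    if drive or tail.startswith("\\"):
        return None
    candidate = ntpath.normpath(ntpath.join(root, requested))
    # Windows paths are case-insensitive, so compare normalised case.
    root_norm = ntpath.normcase(ntpath.normpath(root))
    cand_norm = ntpath.normcase(candidate)
    # After ".." segments are collapsed, the result must still be under root.
    if cand_norm != root_norm and not cand_norm.startswith(root_norm + "\\"):
        return None
    return candidate

if __name__ == "__main__":
    samples = ["src\\main.c", "C:\\other\\file.txt", "\\other\\file.txt",
               "D:file.txt", "..\\other\\file.txt", "//server/share/f"]
    for s in samples:
        print(f"{s!r:28} naive={naive_resolve(ROOT, s)!r:28} "
              f"safe={safe_resolve(ROOT, s)!r}")
```
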
Remediation
References