Description
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
Remediation
References
Related Vulnerabilities
WordPress Plugin AI ChatBot Arbitrary File Deletion (4.9.2)
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5205)
Moodle Other Vulnerability (CVE-2012-2366)
Drupal Data Processing Errors Vulnerability (CVE-2016-3171)
WordPress Plugin Ad Manager by WD-Advanced Ad Manager Multiple Vulnerabilities (1.0.11)