Description
FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2019-2956 Vulnerability (CVE-2019-2956)
WordPress Plugin WP Import Export Information Disclosure (3.9.15)
WebLogic CVE-2020-14640 Vulnerability (CVE-2020-14640)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7572)
WordPress Plugin Asset CleanUp:Page Speed Booster Cross-Site Scripting (1.3.6.7)