Description
Jenkins 2.88 and earlier, and 2.73.2 and earlier, store metadata related to 'people', which encompasses actual user accounts as well as users appearing in SCM, in directories on disk corresponding to the user ID. These directories used the user ID as their name without additional escaping, potentially resulting in problems such as overwriting unrelated configuration files.
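The sketch below is an added illustration of the unescaped-name pattern described above, next to one way to map IDs to directory names safely. It is not Jenkins code and not the fix Jenkins shipped. The class name, the `u-` prefix and the `$xx` encoding are hypothetical choices, and the sample IDs are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class UserDirNames {
    // Pattern from the description: the raw user ID is used as the directory name.
    static Path rawDir(Path usersRoot, String userId) {
        return usersRoot.resolve(userId).normalize();
    }

    // Hypothetical encoding: keep [a-z0-9_-], write every other byte as $xx.
    // The output never contains '/', '\\' or '.', distinct IDs map to distinct
    // names even on case-insensitive filesystems, and the fixed prefix avoids
    // empty names and reserved device names such as CON or NUL.
    static String encode(String userId) {
        StringBuilder sb = new StringBuilder("u-");
        for (byte b : userId.getBytes(StandardCharsets.UTF_8)) {
            char c = (char) (b & 0xff);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9')
                    || c == '_' || c == '-';
            if (safe) sb.append(c);
            else sb.append(String.format("$%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Resolve the encoded name and verify the result is a direct child of the root.
    static Path safeDir(Path usersRoot, String userId) {
        Path root = usersRoot.toAbsolutePath().normalize();
        Path dir = root.resolve(encode(userId)).normalize();
        if (!root.equals(dir.getParent())) {
            throw new IllegalArgumentException("user directory escapes " + root);
        }
        return dir;
    }

    public static void main(String[] args) {
        Path root = Paths.get("users").toAbsolutePath().normalize();
        // Constructed sample IDs, e.g. author names read from SCM history.
        String[] ids = {"alice", "Alice", "../config", "a/b", "CON", ""};
        for (String id : ids) {
            boolean rawInside = root.equals(rawDir(root, id).getParent());
            System.out.printf("%-12s raw is a child of users/: %-5b safe name: %s%n",
                    "\"" + id + "\"", rawInside, safeDir(root, id).getFileName());
        }
    }
}
```

The containment check in `safeDir` is defence in depth: with this encoding it should never fire, but it keeps the guarantee if the encoding is later changed.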
Remediation
References
http://www.securityfocus.com/bid/101773
https://jenkins.io/security/advisory/2017-11-08/
Related Vulnerabilities
CVE-2021-27191 Vulnerability in npm package get-ip-range
CVE-2022-45470 Vulnerability in maven package org.apache.hama:hama-core
CVE-2014-3651 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2018-3766 Vulnerability in npm package buttle
CVE-2021-21252 Vulnerability in npm package jquery-validation