Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452
Related Vulnerabilities
CVE-2023-41049 Vulnerability in npm package @dcl/single-sign-on-client
CVE-2019-10305 Vulnerability in maven package com.xebialabs.xl-deploy:jenkins-dependendencies
CVE-2020-6454 Vulnerability in npm package electron
CVE-2023-50723 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui
CVE-2023-32977 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-job