Description
In Jenkins 2.318 and earlier, LTS 2.303.2 and earlier, agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path.
Remediation
References
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
Related Vulnerabilities
CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro
CVE-2023-36471 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml
CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2023-2512 Vulnerability in npm package workerd
CVE-2020-28470 Vulnerability in npm package @scullyio/scully