Description
Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
Related Vulnerabilities
CVE-2019-3774 Vulnerability in maven package org.springframework.batch:spring-batch-core
CVE-2020-2307 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes
CVE-2018-18282 Vulnerability in npm package next
CVE-2017-4992 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-26048 Vulnerability in maven package org.eclipse.jetty:jetty-server