Description
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists.
Remediation
References
https://www.jenkins.io/security/advisory/2022-02-15/#SECURITY-2548
Related Vulnerabilities
CVE-2023-36479 Vulnerability in maven package org.eclipse.jetty:jetty-servlets
CVE-2021-21388 Vulnerability in npm package systeminformation
CVE-2021-21292 Vulnerability in maven package org.traccar:traccar
CVE-2023-37466 Vulnerability in npm package vm2
CVE-2020-26258 Vulnerability in maven package com.thoughtworks.xstream:xstream