Description
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)
WebLogic CVE-2022-21361 Vulnerability (CVE-2022-21361)
WordPress Plugin Digital Climate Strike WP Malicious Redirects (1.0.0)
WordPress Plugin AgentEasy Properties Cross-Site Scripting (1.0.4)
Dolibarr Incorrect Authorization Vulnerability (CVE-2020-12669)