Description
Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a trailing dot character, potentially replacing the configuration and data of other entities on Windows.
Remediation
References
Related Vulnerabilities
WordPress Plugin Telefication Server-Side Request Forgery (1.8.0)
WordPress Plugin Active Directory Integration/LDAP Integration Unspecified Vulnerability (3.7.6)
WordPress Plugin Add Any Extension to Pages Cross-Site Scripting (1.3)
WordPress Plugin Timed Popup Cross-Site Request Forgery (1.3)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-12023)