Description
In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.6.2)
WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability (0.6.2 - 2.8)
WordPress Plugin Easy Event calendar Cross-Site Scripting (1.0)
WordPress Plugin SMS Alert Order Notifications-WooCommerce Cross-Site Scripting (3.4.6)
WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)