Description
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Remediation
References
Related Vulnerabilities
Grafana Improper Synchronization Vulnerability (CVE-2023-2801)
WordPress Plugin MATRIX 3D Cross-Site Scripting (1.2)
Oracle Database Server CVE-2019-2753 Vulnerability (CVE-2019-2753)
WordPress Plugin Enable Media Replace Directory Traversal (3.6.3)
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)