Description
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Remediation
References
Related Vulnerabilities
WordPress Plugin SAML SP Single Sign On-SSO login Cross-Site Scripting (4.8.72)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5629)
WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (4.5)
Oracle Database Server CVE-2018-3110 Vulnerability (CVE-2018-3110)