Description
In Jenkins 2.318 and earlier, LTS 2.303.2 and earlier, agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path.
Remediation
References