Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10)
WordPress Plugin Crowd Ideas Cross-Site Scripting (1.0)
SharePoint CVE-2020-17061 Vulnerability (CVE-2020-17061)
Python Numeric Errors Vulnerability (CVE-2008-5031)
Oracle Database Server CVE-2011-0806 Vulnerability (CVE-2011-0806)