Description
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
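The class of flaw described above, shown as an added example that is not Jenkins code: a path filter that compares paths lexically next to one that canonicalizes first. The function names, directory layout and file contents are constructed for illustration.

```python
import os
import tempfile


def naive_allowed(path, allowed_root):
    """Lexical check: collapses '..' but never resolves symbolic links."""
    p = os.path.normpath(os.path.abspath(path))
    root = os.path.normpath(os.path.abspath(allowed_root))
    return os.path.commonpath([p, root]) == root


def canonical_allowed(path, allowed_root):
    """Resolve symbolic links on both sides, then compare the real paths."""
    p = os.path.realpath(path)
    root = os.path.realpath(allowed_root)
    return os.path.commonpath([p, root]) == root


def demo():
    """Constructed layout: <tmp>/allowed/link is a symlink to <tmp>/outside."""
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed")
        outside = os.path.join(tmp, "outside")
        os.mkdir(allowed)
        os.mkdir(outside)
        with open(os.path.join(outside, "secret.txt"), "w") as f:
            f.write("constructed sample data")
        os.symlink(outside, os.path.join(allowed, "link"))

        via_link = os.path.join(allowed, "link", "secret.txt")
        inside = os.path.join(allowed, "build.log")
        return {
            # Lexically under 'allowed', so the naive filter accepts it.
            "naive_symlink": naive_allowed(via_link, allowed),
            # Real location is under 'outside', so this filter rejects it.
            "canonical_symlink": canonical_allowed(via_link, allowed),
            # A path that really is inside passes both filters.
            "naive_inside": naive_allowed(inside, allowed),
            "canonical_inside": canonical_allowed(inside, allowed),
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A canonical check followed by a separate open still leaves a window in which a link can be swapped in, so the check belongs as close to the file operation as the platform allows.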
Remediation
References