Description
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References