Description
FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (7.2)
Tornado Improper Input Validation Vulnerability (CVE-2012-2374)
WordPress Plugin WP DS FAQ 'ajax.php' SQL Injection (1.3.2)
Plone CMS Use of Externally-Controlled Format String Vulnerability (CVE-2017-5524)