Description
In Jenkins 2.318 and earlier, LTS 2.303.2 and earlier, agent processes can completely bypass file path filtering by wrapping the file operation in an agent file path.
Remediation
References