Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, do not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs. This allows attackers in control of agent processes to replace the code of a trusted library with a modified variant, which results in unsandboxed code execution in the Jenkins controller process.
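An added example, not from the advisory or the Jenkins project: a triage check that applies the affected ranges stated above to an inventory of controller versions. It assumes two-component version strings are weekly releases and three-component strings are LTS releases; the hostnames and sample versions are constructed.

```python
import re

# Affected ceilings, taken from the description above.
WEEKLY_MAX = (2, 318)      # weekly line: 2.318 and earlier
LTS_MAX = (2, 303, 2)      # LTS line: 2.303.2 and earlier

# Assumption: "major.minor" is a weekly release, "major.minor.patch" is LTS.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def classify(version: str) -> str:
    """Return 'affected', 'not-affected' or 'unknown' for a version string."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        # Snapshot builds, vendor forks and empty fields need manual review.
        return "unknown"
    parts = tuple(int(p) for p in match.groups() if p is not None)
    # Compare each release line against its own ceiling. A weekly such as
    # 2.310 is newer than the 2.303 LTS baseline but is still affected.
    ceiling = LTS_MAX if len(parts) == 3 else WEEKLY_MAX
    return "affected" if parts <= ceiling else "not-affected"


def triage(inventory):
    """Map each (host, version) pair to its classification."""
    return {host: classify(version) for host, version in inventory}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    ("ci-a.example.internal", "2.318"),           # weekly, at the ceiling
    ("ci-b.example.internal", "2.319"),           # weekly, above the ceiling
    ("ci-c.example.internal", "2.303.2"),         # LTS, at the ceiling
    ("ci-d.example.internal", "2.303.3"),         # LTS, above the ceiling
    ("ci-e.example.internal", "2.310"),           # weekly between the two
    ("ci-f.example.internal", "2.289.3"),         # older LTS line
    ("ci-g.example.internal", "2.318-SNAPSHOT"),  # not a release string
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```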
Remediation
References