Description
Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Remediation
References