An improper input validation vulnerability exists in Jenkins versions 2.106 and previous versions, and LTS 2.89.3 and previous versions, that allows an malicious user to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins jenkins |
||
oracle communications cloud native core automated test suite 1.9.0 |