The file browser in Jenkins 2.314 and previous versions, LTS 2.303.1 and previous versions may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Overall/Read permission (Windows controller) or Job/Workspace permission (Windows agents) to obtain the contents of arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins jenkins |