Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restrict a file name query parameter in an HTTP endpoint, allowing attackers with Scriptler/Configure permission to delete arbitrary files on the Jenkins controller file system.
Vulnerable Product |
---|
jenkins scriptler |