CVE-2019-10352 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary file overwrite
Description	A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to store the uploaded file on the Jenkins master, resulting in an arbitrary file write vulnerability.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1012	jenkins	2.185-1	2.186-1	High	Fixed

References
https://jenkins.io/security/advisory/2019-07-17/