CVE-2019-10352 log

Severity High
Remote Yes
Type Arbitrary file overwrite
A vulnerability has been found in Jenkins before 2.186, where users with Job/Configure permission could specify a relative path escaping the base directory in the file name portion of a file parameter definition. This path would be used to store the uploaded file on the Jenkins master, resulting in an arbitrary file write vulnerability.
Group Package Affected Fixed Severity Status Ticket
AVG-1012 jenkins 2.185-1 2.186-1 High Fixed