|Type||Arbitrary filesystem access|
A security issue has been found in Jenkins before version 2.319. FilePath#reading(FileVisitor) does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, #copyRecursiveTo). This allows agent processes to read and write arbitrary files on the Jenkins controller file system, and obtain some information about Jenkins controller file systems.
|05 Nov 2021||ASA-202111-1||AVG-2526||jenkins||Critical||multiple issues|