Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Jenkins 后置链接漏洞
Vulnerability Description
Jenkins是Jenkins开源的一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。 Jenkins 存在后置链接漏洞,该漏洞源于 Jenkins 2.318 及更早版本、LTS 2.303.2 及更早版本的代理到控制器安全子系统中的文件路径过滤器不规范化路径,允许操作遵循符号链接到允许的外部目录。
CVSS Information
N/A
Vulnerability Type
N/A