Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection due to build operations being performed on the Jenkins controller instead of the assigned agent. An attacker can execute arbitrary code on the Jenkins controller by obtaining Item/Configure permission. Remediati...