2 matches found
jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE
A vulnerability was found in the Remoting library in Jenkins core, which handles communication between the Jenkins controller and agents. The ClassLoaderProxyfetchJar function may allow malicious agents or attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller...
Arbitrary File Read
org.jenkins-ci.main, jenkins-core and org.jenkins-ci.main, remoting are vulnerable to Arbitrary File Read. The vulnerability is caused due to a missing validation on the file paths that are invoked on the controller by the agent while retrieving files using API ClassLoaderProxyfetchJar. This allo...