2 matches found
GHSA-F585-9FW3-RJ2M Arbitrary file existence check in file fingerprints in Jenkins
Jenkins provides a feature for jobs to store and track fingerprints of files used during a build. Jenkins 2.274 and earlier, LTS 2.263.1 and earlier provide a REST API to check where a given fingerprint was used and by which builds. This endpoint does not fully validate that the provided fingerprint...
Authorization Bypass
Jenkins is vulnerable to authorization bypass. Improper validation of the format of a provided fingerprint ID when checking for its existence allows an attacker to check for the existence of XML files with a short path...