Arbitrary File Write
Affecting org.jenkins-ci.main:jenkins-core artifact, versions [,2.138.2) || [2.140, 2.146)Report new vulnerabilities
org.jenkins-ci.main:jenkins-core is an open source automation server.
Affected versions of this package are vulnerable to Arbitrary File Write. An attacker with Job/Configure permission could define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build.
org.jenkins-ci.main:jenkins-core to version 2.138.2, 2.146 or higher.