Description
Path traversal vulnerability in Jenkins agent names
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart.
Jenkins 2.275, LTS 2.263.2 ensures that agent names are considered valid names for items to prevent this problem.
In case of problems, this change can be reverted by setting the Java system property jenkins.model.Nodes.enforceNameRestrictions to false.
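The check described above can be illustrated with a small audit script. This is an added example, not Jenkins code: it assumes agent configuration is stored at `<home>/nodes/<name>/config.xml`, the character set only approximates the item-name restrictions, and all function names and sample values are constructed for illustration.

```python
import posixpath

# Assumption: an agent's configuration is stored at <home>/nodes/<name>/config.xml.
NODES_DIR = "nodes"
# Assumption: approximates item-name restrictions; not Jenkins' own validation code.
FORBIDDEN = set('?*/\\%!@#$^&|<>[]:;')

def config_path(home, name):
    """Normalized path that would be written if the name were used unchecked."""
    return posixpath.normpath(posixpath.join(home, NODES_DIR, name, "config.xml"))

def escapes_nodes_dir(home, name):
    """True unless config.xml lands in a direct child directory of <home>/nodes."""
    base = posixpath.normpath(posixpath.join(home, NODES_DIR))
    parent = posixpath.dirname(config_path(home, name))
    return posixpath.dirname(parent) != base

def name_problems(name):
    """Reasons to reject a name on its characters alone."""
    problems = []
    if not name.strip():
        problems.append("empty name")
    if name in (".", ".."):
        problems.append("reserved name")
    bad = sorted(c for c in set(name) if c in FORBIDDEN or ord(c) < 32)
    if bad:
        problems.append("forbidden characters: " + " ".join(repr(c) for c in bad))
    return problems

def audit(home, names):
    """Return {name: [reasons]} for every name that should be rejected."""
    report = {}
    for name in names:
        reasons = name_problems(name)
        if escapes_nodes_dir(home, name):
            reasons.append("config.xml would land outside nodes/<name>/")
        if reasons:
            report[name] = reasons
    return report

# Constructed sample input (not taken from the advisory).
SAMPLE_HOME = "/var/lib/jenkins"
SAMPLE_NAMES = ["linux-agent-01", "../elsewhere", "a/b", "win:agent"]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_HOME, SAMPLE_NAMES).items():
        print(f"{name!r} -> {config_path(SAMPLE_HOME, name)}: {'; '.join(reasons)}")
```

The character check and the path containment check catch different names, which is why the script reports both.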
Packages
org.jenkins-ci.main:jenkins-core
  Affected: < 2.263.2
  Fixed: 2.263.2
org.jenkins-ci.main:jenkins-core
  Affected: >= 2.264, < 2.275
  Fixed: 2.275
Related vulnerabilities
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with A ...