Arbitrary File Read
Description
org.jenkins-ci.main:jenkins-core and org.jenkins-ci.main:remoting are vulnerable to Arbitrary File Read. The vulnerability is caused by missing validation of the file paths that the agent asks the controller to read when retrieving files through the ClassLoaderProxy#fetchJar API. This allows agent processes, code running on agents, and attackers with Agent/Connect permission to read arbitrary files from the Jenkins controller file…
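The kind of controller-side validation whose absence is described above, as an added example that is not Jenkins code and not the project's actual fix. The class `JarFetchGuard`, its allow-list design and the `fetchJar(URL)` signature are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.HashSet;
import java.util.Set;

/** Hypothetical controller-side guard for agent-initiated jar fetches. */
public class JarFetchGuard {
    private final Set<Path> allowedJars = new HashSet<>();

    /** Register a jar the controller is willing to serve to agents. */
    public void allow(Path jar) throws IOException {
        allowedJars.add(jar.toRealPath());
    }

    /** Returns file bytes only if the agent-supplied URL resolves to a registered jar. */
    public byte[] fetchJar(URL requested) throws IOException {
        if (!"file".equals(requested.getProtocol())) {
            throw new SecurityException("Rejected non-file URL: " + requested);
        }
        Path real;
        try {
            // toRealPath() resolves ".." segments and symlinks before the comparison.
            real = Paths.get(requested.toURI()).toRealPath();
        } catch (Exception e) {
            throw new SecurityException("Rejected unresolvable URL: " + requested);
        }
        if (!allowedJars.contains(real)) {
            throw new SecurityException("Rejected path outside allow-list: " + real);
        }
        return Files.readAllBytes(real);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample data: one permitted jar and one unrelated controller file.
        Path dir = Files.createTempDirectory("controller");
        Path jar = Files.write(dir.resolve("plugin.jar"), new byte[] {0x50, 0x4b});
        Path secret = Files.write(dir.resolve("secret.key"), "constructed".getBytes());
        JarFetchGuard guard = new JarFetchGuard();
        guard.allow(jar);
        System.out.println("jar bytes served: " + guard.fetchJar(jar.toUri().toURL()).length);
        try {
            guard.fetchJar(secret.toUri().toURL());
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The comparison is made on the resolved real path, so a request that reaches a non-jar file through a symlink or a relative segment is rejected the same way as a direct one.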