Security Advisory

CVE-2023-46654

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-25 13:45:55

Last updated 2025-02-13 17:14:28

Assigner jenkins

State PUBLISHED

Description

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the CloudBees CD - Publish Artifact post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.

← Browse all CVEs View on cve.org ↗