CVE-2022-34177 Information

Description

Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for file parameters for Pipeline input steps on the controller as part of build metadata using the parameter name without sanitization as a relative path inside a build-related directory allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.

Reference

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2705