Jenkins HashiCorp Vault Plugin Arbitrary File Read Vulnerability

Jenkins is a Jenkins open source application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier versions contain an arbitrary file read vulnerability that stems from the plugin’s implementation of a feature that allows the agent process to read arbitrary files on the Jenkins controller file system. An attacker could use this vulnerability to control the agent process to read arbitrary files on the Jenkins controller file system.