Jenkins Pipeline Plugin Arbitrary File Writing Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Pipeline Plugin 448.v37cea_9a_10a_70 and earlier versions have an arbitrary file writing vulnerability that stems from allowing the pipeline The authorfile specifies parameters for the pipeline step, and although the uploaded files are not copied to the workspace, Jenkins archives the files on the controller as part of the build metadata, using the parameter names without cleanup as relative paths in the build-related directories, and an attacker could use the specified content to create or replace arbitrary files on the Jenkins controller file system.