CVE-2018-1000068

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.106 and earlier Jenkins LTS versions 2.89.3 and earlier

Description: An issue exists due to improper input validation, allowing an attacker to access certain plugin resource files that should be restricted. This issue is particularly relevant when the Jenkins home directory is located on a case-insensitive file system.

Recommendations: For Jenkins versions 2.106 and earlier, update to a version later than 2.106 to resolve the issue. For Jenkins LTS versions 2.89.3 and earlier, update to a version later than 2.89.3 to resolve the issue.