Jenkins · Credentials Binding Plugin · CVE-2026-42520
**Name of the Vulnerable Software and Affected Versions**
Jenkins Credentials Binding Plugin versions prior to 719.v80e905ef14eb
**Description**
Insufficient sanitization of file names for file and zip file credentials allows attackers who can provide credentials to a job to write files to arbitrary locations on the node filesystem. This can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node.
**Recommendations**
Update the plugin to a version later than 719.v80e905ef14eb.
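
The description attributes the arbitrary write to file names that are used without enough sanitization. The following added example (not the plugin's code and not its actual fix) shows the kind of containment check that keeps an uploader-controlled file name inside the directory it is written to. The class name, the method `resolveInside`, the `secretFiles` directory prefix and the sample names are all hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.List;

public class CredentialFileNameCheck {

    /** Resolves an uploader-controlled name directly inside baseDir, or throws. */
    static Path resolveInside(Path baseDir, String fileName) throws IOException {
        if (fileName == null || fileName.isEmpty() || fileName.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed file name");
        }
        // Reject separators of both platforms: the name may be created on one OS
        // and written on another.
        if (fileName.contains("/") || fileName.contains("\\")
                || fileName.equals(".") || fileName.equals("..")) {
            throw new IOException("not a single path component: " + fileName);
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target;
        try {
            target = base.resolve(fileName).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("invalid file name: " + fileName, e);
        }
        // Defense in depth: the normalized target must be a direct child of base.
        if (!base.equals(target.getParent())) {
            throw new IOException("file name escapes target directory: " + fileName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("secretFiles"); // hypothetical prefix
        // Constructed sample names, not taken from the advisory.
        List<String> names =
                List.of("deploy.key", "../outside.txt", "sub/dir.txt", "..\\x", "..", "");
        for (String name : names) {
            try {
                Path p = resolveInside(dir, name);
                Files.write(p, new byte[0]);
                System.out.println("accepted: " + name + " -> " + p);
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Only `deploy.key` is accepted; every other sample name is rejected before anything is written.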