P1S1O

**Name of the Vulnerable Software and Affected Versions** Jenkins Pipeline: Groovy Libraries Plugin versions prior to 797.v90ea a 9b e45a 0 **Description** The plugin does not prohibit symbolic links in shared libraries. This allows attackers who can control the content of a library used by a Pipeline job to read arbitrary files on the Jenkins controller filesystem. **Recommendations** Update to a version later than 797.v90ea a 9b e45a 0.