The agent to master security subsystem ensures that the Jenkins master is protected from maliciously configured agents. A path traversal vulnerability allowed agents to escape whitelisted directories to read and write to files they should not be able to access.
External References:
https://jenkins.io/security/advisory/2018-05-09/