An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-2196
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.12 Via RHSA-2023:3610 https://access.redhat.com/errata/RHSA-2023:3610
This issue has been addressed in the following products: OpenShift Developer Tools and Services for OCP 4.11 Via RHSA-2023:3663 https://access.redhat.com/errata/RHSA-2023:3663
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.10 Via RHSA-2023:3625 https://access.redhat.com/errata/RHSA-2023:3625
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-32981