CVE-2023-46654

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the ‘CloudBees CD – Publish Artifact’ post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.

Source: CVE-2023-46654