Jenkins Improper Link Resolution Before File Access (Link Following) Vulnerability - CVE-2021-21686
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier LTS 2.303.2 and earlier do not canonicalize paths allowing operations to follow symbolic links to outside allowed directories.