ASA-2018-00088 – Jenkins: Workspace browser allowed accessing files outside the workspace

The file browser for workspaces, archived artifacts, and $JENKINS_HOME/userContent/ followed symbolic links to locations outside the directory being browsed. While builds typically have access to the file system outside the workspace allocated by Jenkins, that access should not extend beyond the execution of a build on that agent. Notably, the configuration may have been changed so that a build is no longer allowed to run on a given agent, but the workspace used during the previous execution still exists and could allow browsing the file system outside the workspace.
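The following is an added example, not Jenkins code and not part of the advisory: a defender-side audit that lists symbolic links under a browsable directory whose resolved target lies outside it, together with the resolve-then-compare containment check a file browser needs. The directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def escaping_symlinks(root):
    """Return sorted (link, resolved_target) pairs for symlinks under root
    whose resolved target lies outside root."""
    root_real = Path(root).resolve()
    findings = []
    # followlinks=False: the audit itself never descends through a link.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            target = entry.resolve()  # follows link chains to the final path
            if target != root_real and root_real not in target.parents:
                findings.append((str(entry.relative_to(root)), str(target)))
    return sorted(findings)


def is_inside(root, requested):
    """Containment check: resolve the requested path first, then compare
    the result against the resolved root."""
    root_real = Path(root).resolve()
    target = (root_real / requested).resolve()
    return target == root_real or root_real in target.parents


def demo():
    """Constructed workspace with one link that stays inside and one that escapes."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "workspace" / "job-a"   # hypothetical stale workspace
        outside = Path(tmp) / "agent-home"       # hypothetical data outside it
        (ws / "src").mkdir(parents=True)
        outside.mkdir()
        (outside / "notes.txt").write_text("constructed sample\n")
        (ws / "src" / "main.txt").write_text("ok\n")
        os.symlink(ws / "src", ws / "src-link")  # resolves inside the workspace
        os.symlink(outside, ws / "out")          # resolves outside the workspace
        links = [link for link, _ in escaping_symlinks(ws)]
        return links, is_inside(ws, "src-link/main.txt"), is_inside(ws, "out/notes.txt")


if __name__ == "__main__":
    print(demo())
```

Running the audit over workspace, archived-artifact and userContent directories on agents that no longer accept builds shows which leftover links would have been followed by a browser that does not perform the containment check.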