Description
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2021-39233 Vulnerability in maven package org.apache.ozone:ozone-main
CVE-2019-10374 Vulnerability in maven package org.jenkins-ci.plugins:pegdown-formatter
CVE-2019-10440 Vulnerability in maven package org.jenkins-ci.plugins:neoload-jenkins-plugin
CVE-2020-2183 Vulnerability in maven package org.jenkins-ci.plugins:copyartifact
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt