Description
The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks.
Remediation
References
https://jenkins.io/security/advisory/2017-10-11/
Related Vulnerabilities
CVE-2019-16569 Vulnerability in maven package org.jenkins-ci.plugins:mantis
CVE-2019-10062 Vulnerability in npm package aurelia-framework
CVE-2018-15494 Vulnerability in npm package dojox
CVE-2019-1003049 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2013-6372 Vulnerability in maven package org.jenkins-ci.plugins:subversion