Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
http://www.openwall.com/lists/oss-security/2021/11/04/3