Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428