Description
Jenkins 2.470 and earlier, and LTS 2.452.3 and earlier, allow agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
Remediation
References