Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Remediation
References
Related Vulnerabilities
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)
Drupal Other Vulnerability (CVE-2005-3975)
WordPress Plugin iTwitter Multiple Vulnerabilities (0.04)
WordPress Plugin MetaSlider Cross-Site Scripting (2.6.2)
WordPress Plugin uTubeVideo Gallery Unspecified Vulnerability (2.0.6)