Description
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (12.0.4)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (6.3.0)
WordPress Plugin My Category Order 'parentID' Parameter SQL Injection (2.8)
Oracle Database Server CVE-2019-2955 Vulnerability (CVE-2019-2955)