Description
Jenkins 2.299 and earlier, and LTS 2.289.1 and earlier, allow users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read permission.
Remediation
References
Related Vulnerabilities
OpenSSL Other Vulnerability (CVE-2002-0655)
PHP mail function ASCII control character header spoofing vulnerability
Nginx Out-of-bounds Write Vulnerability (CVE-2011-4315)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6103)
WordPress Plugin ManageWP Worker Unspecified Vulnerability (4.1.7)