Description
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
Related Vulnerabilities
Drupal Remote Code Execution Vulnerability (CVE-2020-13671)
WordPress Plugin Simple Fields Cross-Site Scripting (1.4.11)
Apache HTTP Server Other Vulnerability (CVE-2002-0843)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4304)
Oracle Application Server CVE-2009-0990 Vulnerability (CVE-2009-0990)