Description
Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Remediation
References
Related Vulnerabilities
Oracle HTTP Server Other Vulnerability (CVE-2006-5347)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5341)
WordPress Plugin Catch Infinite Scroll Security Bypass (1.8.1)
Drupal Core 5.x Multiple Vulnerabilities (5.0 - 5.12)
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)