Description
Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Remediation
References
Related Vulnerabilities
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-6232)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1111)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4522)
Oracle Database Server CVE-2020-2737 Vulnerability (CVE-2020-2737)