Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Remediation
References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2021
Related Vulnerabilities
CVE-2023-29016 Vulnerability in maven package io.goobi.viewer:viewer-core
CVE-2023-34149 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2022-45064 Vulnerability in maven package org.apache.sling:org.apache.sling.engine
CVE-2020-10705 Vulnerability in maven package io.undertow:undertow-core
CVE-2019-10379 Vulnerability in maven package org.jenkins-ci.plugins:gcm-notification