Description
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2455
Related Vulnerabilities
CVE-2016-8744 Vulnerability in maven package org.apache.brooklyn:brooklyn
CVE-2021-21616 Vulnerability in maven package org.biouno:uno-choice
CVE-2012-4387 Vulnerability in maven package org.apache.struts.xwork:xwork-core
CVE-2013-4286 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2014-0112 Vulnerability in maven package org.apache.struts.xwork:xwork-core