Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428