Description
Jenkins 2.318 and earlier, and LTS 2.303.2 and earlier, allow any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
Related Vulnerabilities
CVE-2023-26149 Vulnerability in maven package org.webjars.npm:quill-mention
CVE-2022-36083 Vulnerability in npm package jose-node-esm-runtime
CVE-2019-0193 Vulnerability in maven package org.apache.solr:solr-core
CVE-2021-22112 Vulnerability in maven package org.springframework.security:spring-security-core
CVE-2023-37544 Vulnerability in maven package org.apache.pulsar:pulsar-broker