Description
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions.
Remediation
References
http://www.openwall.com/lists/oss-security/2021/11/04/3
https://www.jenkins.io/security/advisory/2021-11-04/#SECURITY-2428
Related Vulnerabilities
CVE-2022-36897 Vulnerability in maven package com.compuware.jenkins:compuware-xpediter-code-coverage
CVE-2020-1958 Vulnerability in maven package org.apache.druid.extensions:druid-basic-security
CVE-2018-1002204 Vulnerability in npm package adm-zip
CVE-2023-28155 Vulnerability in maven package org.webjars.bower:request
CVE-2021-41973 Vulnerability in maven package org.apache.mina:mina-http