Description
Jenkins 2.470 and earlier, and LTS 2.452.3 and earlier, allow agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library.
Remediation
References