Description
Jenkins 2.274 and earlier, and LTS 2.263.1 and earlier, allow users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.