Description
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override the global `config.xml` file.
Remediation
References
Related Vulnerabilities
WordPress Plugin stm-megamenu Local File Inclusion (2.3.12)
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10002)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3722)
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4733)
WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)