Description
Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-14702 Vulnerability (CVE-2020-14702)
WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)
WordPress Plugin Instagram Feed Unspecified Vulnerability (1.11.3)
WordPress Plugin Insert or Embed Articulate Content into WordPress Security Bypass (4.2996)
Atlassian Jira Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-39127)