Description
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, and in LTS 2.303.2 and earlier, does not reject any operations, allowing users unrestricted read access through certain operations (creating archives, FilePath#copyRecursiveTo).
Remediation
References