Description
The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating archives, FilePath#copyRecursiveTo).
Remediation
References
Related Vulnerabilities
WordPress Plugin Catch Under Construction Security Bypass (1.3.4)
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-8143)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-3011)
Apache Traffic Server CVE-2024-56196 Vulnerability (CVE-2024-56196)