Description
Jenkins 2.275 and LTS 2.263.2 allow reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition.
Remediation
References