A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.
{ "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:maven:*:*" ], "severity": "Medium" }