Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va3bb89f8a95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files on the controller file system. This allows attackers with Overall/Read permission to check for the existence of files on the controller file system. Script Security Plugin 1368.vbb402e3547e7 requires Overall/Administer permission for the affected form validation method.
{ "nvd_published_at": "2024-11-13T21:15:29Z", "cwe_ids": [ "CWE-306", "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-14T15:35:54Z" }