CVE-2022-36892
CVE-2022-36892 affects Jenkins rhnpush-plugin up to version 0.5.1. The issue is missing a permission check in the form validation path, allowing users with Item/Read but without Item/Workspace or Item/Configure to determine if attacker-specified file patterns match workspace contents. The vulnera...