A cross-site request forgery (CSRF) vulnerability in Jenkins Promoted Builds Plugin 3.9 and previous versions allows malicious users to promote builds.
An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 31 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read permission for parent folders ...