CWE-276

A missing permission check in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials, or determine the existence of a file with a given path on the Jenkins master.

A missing permission check in Jenkins Build Failure Analyzer Plugin 1.24.1 and earlier allows attackers with Overall/Read permission to have Jenkins evaluate a computationally expensive regular expression.

A missing permission check in Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows attackers with Overall/Read permission to perform connection tests and determine whether files with an attacker-specified path exist on the Jenkins master file system.

The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.

In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.

In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.