Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
{ "cpes": [ "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*" ], "severity": "Medium" }