The host is installed with Jenkins LTS before 2.89.4 or Jenkins rolling release before 2.107 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle an issue in input validation. Successful exploitation could allow attackers with Overall/Read permission to download files from the Jenkins master they should not have access to.