Jenkins · Jenkins · CVE-2021-21670
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions 2.299 and earlier
Jenkins LTS versions 2.289.1 and earlier
**Description**
Jenkins 2.299 and earlier, LTS 2.289.1 and earlier check only `Item/Cancel` permission, not `Item/Read` permission, when a user cancels a queue item or aborts a running build. A user who holds `Item/Cancel` but not `Item/Read` on a job can therefore cancel its queued items and abort its builds even though the job itself is not visible to them.
**Recommendations**
As a workaround on Jenkins 2.299 and earlier and LTS 2.289.1 and earlier, do not grant `Item/Cancel` permission to any user or group that does not also hold `Item/Read` permission. With a matrix-based authorization strategy this means reviewing every row for `Item/Cancel` granted without `Item/Read` (`Overall/Administer` implies both, so administrators are not affected).
Jenkins 2.300 and LTS 2.289.2 fix the issue by also requiring `Item/Read` permission to cancel queue items and abort builds.
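The following audit script is an added example, not part of this advisory and not Jenkins project code. It parses the `<permission>` entries of a matrix-based authorization strategy from a Jenkins `config.xml` and lists every principal that holds `Item/Cancel` without `Item/Read`, treating `Overall/Administer` as implying both. The XML below is a constructed sample; it mixes the legacy `perm:sid` entry format with the typed `USER:perm:sid` / `GROUP:perm:sid` format that newer matrix-auth releases write, since real files contain either or both.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the <authorizationStrategy> element from a Jenkins
# config.xml using GlobalMatrixAuthorizationStrategy (not taken from any real
# instance). It mixes the legacy "perm:sid" entry format with the typed
# "USER:perm:sid" / "GROUP:perm:sid" format written by newer matrix-auth releases.
SAMPLE_CONFIG_XML = """<hudson>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:admin</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
    <permission>hudson.model.Item.Read:alice</permission>
    <permission>hudson.model.Item.Cancel:alice</permission>
    <permission>hudson.model.Item.Cancel:bob</permission>
    <permission>USER:hudson.model.Item.Cancel:carol</permission>
    <permission>GROUP:hudson.model.Item.Read:devs</permission>
    <permission>GROUP:hudson.model.Item.Cancel:devs</permission>
  </authorizationStrategy>
</hudson>
"""

# Permission IDs as Jenkins core writes them into config.xml.
ITEM_READ = "hudson.model.Item.Read"
ITEM_CANCEL = "hudson.model.Item.Cancel"
OVERALL_ADMINISTER = "hudson.model.Hudson.Administer"


def parse_permissions(xml_text):
    """Return {principal: set(permission_id)} from every <permission> element.

    Principals are keyed "KIND:sid" where KIND is USER, GROUP, or EITHER for
    legacy entries that do not say whether the sid is a user or a group.
    Works on the global config.xml and on a job's config.xml alike, because a
    project-based matrix uses the same <permission> child elements.
    """
    grants = {}
    for elem in ET.fromstring(xml_text).iter("permission"):
        parts = (elem.text or "").strip().split(":")
        if len(parts) == 2:
            kind, perm, sid = "EITHER", parts[0], parts[1]
        elif len(parts) == 3 and parts[0] in ("USER", "GROUP", "EITHER"):
            kind, perm, sid = parts
        else:
            continue  # not a grant we understand; skip rather than guess
        grants.setdefault(f"{kind}:{sid}", set()).add(perm)
    return grants


def effective_permissions(grants, principal):
    """Permissions a principal holds directly, plus legacy untyped grants for
    the same sid (a legacy "perm:alice" applies whether alice is a user or a group)."""
    kind, sid = principal.split(":", 1)
    perms = set(grants.get(principal, ()))
    if kind != "EITHER":
        perms |= grants.get(f"EITHER:{sid}", set())
    return perms


def find_cancel_without_read(grants):
    """Principals holding Item/Cancel but neither Item/Read nor Overall/Administer.

    Overall/Administer implies every other permission in Jenkins, so an admin
    with no explicit Item/Read grant is not a finding. Everything returned here
    is a grant the workaround above says not to have on a vulnerable version.
    """
    findings = []
    for principal in grants:
        perms = effective_permissions(grants, principal)
        if ITEM_CANCEL in perms and ITEM_READ not in perms and OVERALL_ADMINISTER not in perms:
            findings.append(principal)
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Pass a real config.xml path as the first argument; otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CONFIG_XML
    for principal in find_cancel_without_read(parse_permissions(text)):
        print(f"Item/Cancel without Item/Read: {principal}")
```

Run it against `$JENKINS_HOME/config.xml` and, if you use project-based matrix authorization, against each job's `config.xml` as well; on the sample it reports `bob` (legacy untyped grant) and the user `carol`, while `alice`, the `devs` group and `admin` pass. Grants that come from a role-strategy plugin or an external identity provider are not visible in these files and need a separate check.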