Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
This issue has been addressed in the following products:
OpenShift Developer Tools and Services for OCP 4.13
Via RHSA-2023:3299 https://access.redhat.com/errata/RHSA-2023:3299
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):