Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.