Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.

Arbitrary file read vulnerability in Jenkins Persona Plugin