A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.
https://jenkins.io/security/advisory/2019-10-23/#SECURITY-1073