Jenkins has a missing permission check, allowing users to obtain agent names