[org.jenkins-ci.plugins:publish-over-ftp] Missing permission checks in Jenkins Publish Over FTP Plugin

Missing permission checks in Jenkins Publish Over FTP Plugin prior to 1.17 allow attackers with Overall/Read permission to connect to an FTP server using attacker-specified credentials.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-29051
• https://www.jenkins.io/security/advisory/2022-04-12/#SECURITY-2321
• https://github.com/jenkinsci/publish-over-ftp-plugin/commit/b265201428557ab91304e06199ad38221efc23e7
• https://github.com/advisories/GHSA-5pv7-hx9m-8jh3