CVE-2019-10464 for WebLogic plugin to work with WebLogic 14c


    • Type: Task
    • Resolution: Unresolved
    • Priority: Critical
    • Environment:

      Deploy WebLogic Plugin does not perform permission checks on a method implementing form validation. This allows users with Overall/Read access to Jenkins to send an HTTP HEAD request to a user-specified URL, or confirm the existence of any file or directory on the Jenkins controller.
      Additionally, the form validation method does not require POST requests, resulting in a CSRF vulnerability.
      As of publication of this advisory, there is no fix.
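      The two weaknesses the advisory describes map to two standard Jenkins plugin protections: a form-validation method must be annotated with `@RequirePOST` so it is not reachable by GET (which is what makes the CSRF possible), and it must call `checkPermission` against a permission stronger than Overall/Read before doing anything. The following is an added illustrative example written for this ticket, not code from the Deploy WebLogic Plugin; the class, method and accepted URL schemes are hypothetical, and it deliberately validates the value syntactically instead of issuing an HTTP request or probing the controller's filesystem.

```java
// Added illustrative example (not the Deploy WebLogic Plugin's own code): a Jenkins
// form-validation method with the protections the advisory reports as missing.
// Class, method and accepted schemes are hypothetical choices for this example.
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.FormValidation;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.interceptor.RequirePOST;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;

public class ExampleDeployBuilder extends Builder {

    @Extension
    public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

        // Schemes this hypothetical step accepts; an assumption for the example.
        private static final List<String> ALLOWED_SCHEMES =
                Arrays.asList("t3", "t3s", "http", "https");

        // 1. @RequirePOST: Stapler rejects GET requests to this endpoint, so a link or
        //    image tag on another site cannot trigger it; Jenkins' crumb check then
        //    applies to the POST, closing the CSRF hole.
        // 2. checkPermission: callers need Item/Configure on the job being edited (or
        //    Overall/Administer when reached from global configuration), not merely
        //    Overall/Read. An unauthorised caller gets an AccessDeniedException.
        // 3. The check is purely syntactic: no outbound HEAD request, no File.exists(),
        //    so the response cannot be used to confirm hosts, files or directories.
        @RequirePOST
        public FormValidation doCheckAdminUrl(@AncestorInPath Item item,
                                              @QueryParameter String value) {
            if (item == null) {
                Jenkins.get().checkPermission(Jenkins.ADMINISTER);
            } else {
                item.checkPermission(Item.CONFIGURE);
            }

            if (value == null || value.trim().isEmpty()) {
                return FormValidation.error("Admin URL is required");
            }

            try {
                URI uri = new URI(value.trim());
                String scheme = uri.getScheme();
                if (scheme == null || !ALLOWED_SCHEMES.contains(scheme.toLowerCase())) {
                    return FormValidation.error(
                            "Expected a URL with one of the schemes: " + ALLOWED_SCHEMES);
                }
                if (uri.getHost() == null) {
                    return FormValidation.error("URL has no host component");
                }
            } catch (URISyntaxException e) {
                return FormValidation.error("Malformed URL: " + e.getMessage());
            }
            return FormValidation.ok();
        }

        @Override
        public boolean isApplicable(Class<? extends AbstractProject> jobType) {
            return true;
        }

        @Override
        public String getDisplayName() {
            return "Example deploy step";
        }
    }
}
```

      A quick way to confirm a plugin's `doCheck*` / `doFill*` / `doTest*` methods carry both protections is to search the plugin source for these method names and verify each has `@RequirePOST` (or `@POST`) and a `checkPermission` call on the right ancestor; any method that also opens a URL connection or touches `java.io.File` with user input should be treated as suspect.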

            Assignee:
            Raphael CHAUMIER
            Reporter:
            Razvan Ipate
            Votes:
            0
            Watchers:
            1