Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2022-41235 Vulnerability in maven package org.jenkins-ci.plugins:wildfly-deployer
CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:tomcat-jasper
CVE-2022-34780 Vulnerability in maven package com.xebialabs.ci:xlrelease-plugin
CVE-2023-40312 Vulnerability in maven package org.opennms:opennms-webapp
CVE-2017-5662 Vulnerability in maven package org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom