Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
https://access.redhat.com/errata/RHSA-2016:0070
http://rhn.redhat.com/errata/RHSA-2016-0489.html