Description

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Related Vulnerabilities

CVE-2022-34812 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer

CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources

CVE-2018-3831 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2017-15680 Vulnerability in maven package org.craftercms:crafter-studio

CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-all

Severity

Critical

Classification

CWE-22

Tags

Vendor Advisory