Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
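Remediation
Upgrade to Jenkins 1.638 or later, or Jenkins LTS 1.625.2 or later; per the description above, versions before these are affected.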
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
https://access.redhat.com/errata/RHSA-2016:0070
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Related Vulnerabilities
CVE-2017-2610 Vulnerability in maven package org.jenkins-ci.main:jenkins-war
CVE-2023-26479 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rendering-parser
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2020-2232 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2017-1000006 Vulnerability in maven package org.webjars.npm:plotly.js