Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2022-46683 Vulnerability in maven package org.jenkins-ci.plugins:google-login
CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core
CVE-2019-10080 Vulnerability in maven package org.apache.nifi:nifi-lookup-services
CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk15on
CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js