Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2022-34812 Vulnerability in maven package org.jenkins-ci.plugins:xpath-config-viewer
CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources
CVE-2018-3831 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2017-15680 Vulnerability in maven package org.craftercms:crafter-studio
CVE-2015-3250 Vulnerability in maven package org.apache.directory.api:api-all