Description

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2018-12536 Vulnerability in maven package org.eclipse.jetty:jetty-util

CVE-2019-10406 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2012-0392 Vulnerability in maven package com.opensymphony:xwork-core

CVE-2019-20903 Vulnerability in npm package @atlaskit/editor-core

CVE-2023-29199 Vulnerability in npm package vm2

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory