Description

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Related Vulnerabilities

CVE-2022-43430 Vulnerability in maven package com.compuware.jenkins:compuware-topaz-for-total-test

CVE-2019-17557 Vulnerability in maven package org.apache.syncope:syncope-client

CVE-2022-34208 Vulnerability in maven package org.jenkins-ci.plugins:beaker-builder

CVE-2021-43297 Vulnerability in maven package com.alibaba:hessian-lite

CVE-2017-1000006 Vulnerability in npm package plotly.js

Severity

Critical

Classification

CWE-22

Tags

Vendor Advisory