Description

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2019-1003050 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-47551 Vulnerability in maven package io.apiman:apiman-common-config

CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2023-26476 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki

CVE-2021-41182 Vulnerability in maven package org.webjars.npm:jquery-ui

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory