Description

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2017-7957 Vulnerability in maven package org.jvnet.hudson:xstream

CVE-2021-21638 Vulnerability in maven package org.jenkins-ci.plugins:tfs

CVE-2014-3623 Vulnerability in maven package org.apache.wss4j:wss4j

CVE-2018-1067 Vulnerability in maven package io.undertow:undertow-core

CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-bundle-minimal

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory