Description

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Related Vulnerabilities

CVE-2017-4974 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

CVE-2019-10343 Vulnerability in maven package io.jenkins:configuration-as-code

CVE-2018-17193 Vulnerability in maven package org.apache.nifi:nifi-web-utils

CVE-2014-8115 Vulnerability in maven package org.kie:kie-drools-wb-distribution-wars

CVE-2020-36321 Vulnerability in maven package com.vaadin:flow-server

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory