Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5322)

Description

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

Remediation

References

Related Vulnerabilities

WordPress Plugin Web Directory Free SQL Injection (1.6.9)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4317)

Oracle JRE CVE-2013-0431 Vulnerability (CVE-2013-0431)

phpMyFAQ Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2024-56199)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8149)

Severity

Medium

Classification

CVE-2015-5322 CWE-22

Tags

Missing Update Known Vulnerabilities