Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
References (3)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:0070
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Scores
EPSS
0.0016
EPSS Percentile
37.1%
Details
CWE
CWE-22
Status
published
Products (5)
jenkins/jenkins
< 1.625.1
jenkins/jenkins
< 1.637
org.jenkins-ci.main/jenkins-core
1.626 - 1.638 (Maven)
redhat/openshift
2.0
redhat/openshift
< 3.1
Published
Nov 25, 2015
Tracked Since
Feb 18, 2026