Description
Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
Scores
CVSS v3
6.5
EPSS
0.0036
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
com.tupilabs.image_gallery/image-gallery
0 - 1.4Maven
jenkins/image_gallery
< 1.4
Published
Feb 09, 2017
Tracked Since
Feb 18, 2026