Jenkins has Local File Inclusion Vulnerability

GHSA-89vc-7frq-2rfj · CVE-2015-5322

Published May 13, 2022 · Modified Mar 13, 2025

Description

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5322
WEB https://github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592
WEB https://access.redhat.com/errata/RHSA-2016:0070
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
WEB http://rhn.redhat.com/errata/RHSA-2016-0489.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes