CloudBees · Jenkins · CVE-2015-5322
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.638
Jenkins LTS versions prior to 1.625.2
**Description**
A directory traversal issue allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources. This is achieved by using directory traversal sequences in a request to the "jnlpJars/" endpoint.
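For reviewing access logs on instances that ran an affected version, the following Python check flags requests to "jnlpJars/" whose path carries a `..` segment, including percent-encoded and double-encoded forms. It is an added example, not part of the original advisory or of Jenkins; the combined-log-style format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-log-style line: "METHOD target HTTP/x.y" (assumed format)
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "GET /jnlpJars/slave.jar HTTP/1.1" 200 512345',
    '198.51.100.7 - - [01/Jan/2016:10:00:05 +0000] "GET /jnlpJars/../EXAMPLE-PATH HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2016:10:00:06 +0000] "GET /jnlpJars/%2e%2e%2fEXAMPLE-PATH HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jan/2016:10:00:07 +0000] "GET /jnlpJars/%252e%252e/EXAMPLE-PATH HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jan/2016:10:00:09 +0000] "GET /job/demo/../console HTTP/1.1" 200 100',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_jnlpjars_traversal(target):
    """True if the request path touches jnlpJars/ and contains a '..' segment."""
    path = decode_fully(target.split("?", 1)[0]).replace("\\", "/")
    if "/jnlpjars/" not in path.lower():
        return False
    # Compare whole segments so names such as 'a..b.jar' are not flagged.
    return ".." in path.split("/")


def find_suspicious(lines):
    """Return the log lines whose request matches the traversal pattern."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_jnlpjars_traversal(match.group("target")):
            hits.append(line)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status on a version prior to the fixed releases is worth following up; a hit on a patched instance indicates probing only.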
**Recommendations**
For Jenkins versions prior to 1.638, update to version 1.638 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.