PT-2015-6855 · Cloudbees+1 · Jenkins
Ari Rubinstein
·
Publicado
2015-11-25
·
Atualizado
2022-05-13
·
CVE-2015-5322
CVSS v4.0
6.9
Média
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Jenkins versions prior to 1.638
Jenkins LTS versions prior to 1.625.2
Description
A directory traversal issue allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources. This is achieved by using directory traversal sequences in a request to the "jnlpJars/" endpoint.
Recommendations
For Jenkins versions prior to 1.638, update to version 1.638 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Jenkins