CVE-2014-3664 — Path Traversal in Jenkins

CWE-22 — Path Traversal7 documents7 sources

Severity

4.0MEDIUMNVD

EPSS

0.2%

top 58.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 15

Latest updateMay 17

Description

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.565.2+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

GHSA

Jenkins Path Traversal vulnerability↗2022-05-17

▶

OSV

Jenkins Path Traversal vulnerability↗2022-05-17

▶

CVEList

CVE-2014-3664: Directory traversal vulnerability in Jenkins before 1↗2014-10-15

▶

📋Vendor Advisories

Red Hat

jenkins: directory traversal flaw (SECURITY-131)↗2014-10-02

▶

Jenkins

Jenkins Security Advisory 2014-10-01↗2014-10-01

▶

💬Community

Bugzilla

CVE-2014-3664 jenkins: directory traversal flaw (SECURITY-131)↗2014-09-30

▶