CVE-2015-5322Path Traversal in Jenkins

CWE-22Path Traversal7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 61.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
JenkinsRedhat Openshift
Timeline
PublishedNov 25
Latest updateMay 13

Description

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDjenkins/jenkins1.637+1
NVDredhat/openshift3.1+1

🔴Vulnerability Details

3
GHSA
Jenkins has Local File Inclusion Vulnerability2022-05-13
OSV
Jenkins has Local File Inclusion Vulnerability2022-05-13
CVEList
CVE-2015-5322: Directory traversal vulnerability in Jenkins before 12015-11-25

📋Vendor Advisories

2
Red Hat
jenkins: Local file inclusion vulnerability (SECURITY-195)2015-11-11
Jenkins
Jenkins Security Advisory 2015-11-112015-11-11

💬Community

1
Bugzilla
CVE-2015-5322 jenkins: Local file inclusion vulnerability (SECURITY-195)2015-11-16
CVE-2015-5322 — Path Traversal in Jenkins | cvebase