jenkins -- Path traversal vulnerability allows access to files outside plugin resources

2018-02-14T00:00:00
ID 5D374FBB-BAE3-45DB-AFC0-795684AC7353
Type freebsd
Reporter FreeBSD
Modified 2018-02-14T00:00:00

Description

Jenkins developers report:

Jenkins did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to.