logo
DATABASE RESOURCES PRICING ABOUT US

jenkins -- Path traversal vulnerability allows access to files outside plugin resources

Description

Jenkins developers report: Jenkins did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any jenkins 2.106
FreeBSD any jenkins-lts 2.89.3

Related