Jenkins Path Traversal vulnerability

2022-05-1701:24:36

Google

osv.dev

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.2%

JSON

Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors.

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-coreeq1.581
org.jenkins-ci.main:jenkins-coreeq1.571
org.jenkins-ci.main:jenkins-coreeq1.442
org.jenkins-ci.main:jenkins-coreeq1.488
org.jenkins-ci.main:jenkins-coreeq1.424
org.jenkins-ci.main:jenkins-coreeq1.500
org.jenkins-ci.main:jenkins-coreeq1.510
org.jenkins-ci.main:jenkins-coreeq1.456
org.jenkins-ci.main:jenkins-coreeq1.509.4
org.jenkins-ci.main:jenkins-coreeq1.498

Name	Operator	Version
org.jenkins-ci.main:jenkins-core	eq	1.581
org.jenkins-ci.main:jenkins-core	eq	1.571
org.jenkins-ci.main:jenkins-core	eq	1.442
org.jenkins-ci.main:jenkins-core	eq	1.488
org.jenkins-ci.main:jenkins-core	eq	1.424
org.jenkins-ci.main:jenkins-core	eq	1.500
org.jenkins-ci.main:jenkins-core	eq	1.510
org.jenkins-ci.main:jenkins-core	eq	1.456
org.jenkins-ci.main:jenkins-core	eq	1.509.4
org.jenkins-ci.main:jenkins-core	eq	1.498