Veracode Vulnerability DatabaseVERACODE:16485Directory Traversal
0.002 Low
EPSS
Percentile
52.3%
jenkins is vulnerable to directory traversal. It was found that when building artifacts, the Jenkins server would follow symbolic links, potentially resulting in disclosure of information on the server.
References
rhn.redhat.com/errata/RHSA-2015-1844.html
access.redhat.com/errata/RHSA-2016:0070
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1062253
bugzilla.redhat.com/show_bug.cgi?id=1128567
bugzilla.redhat.com/show_bug.cgi?id=1130028
bugzilla.redhat.com/show_bug.cgi?id=1138522
bugzilla.redhat.com/show_bug.cgi?id=1152524
bugzilla.redhat.com/show_bug.cgi?id=1160699
bugzilla.redhat.com/show_bug.cgi?id=1171815
bugzilla.redhat.com/show_bug.cgi?id=1191283
bugzilla.redhat.com/show_bug.cgi?id=1197123
bugzilla.redhat.com/show_bug.cgi?id=1197576
bugzilla.redhat.com/show_bug.cgi?id=1205622
bugzilla.redhat.com/show_bug.cgi?id=1216206
bugzilla.redhat.com/show_bug.cgi?id=1217572
bugzilla.redhat.com/show_bug.cgi?id=1221931
bugzilla.redhat.com/show_bug.cgi?id=1225943
bugzilla.redhat.com/show_bug.cgi?id=1226061
bugzilla.redhat.com/show_bug.cgi?id=1227501
bugzilla.redhat.com/show_bug.cgi?id=1228373
bugzilla.redhat.com/show_bug.cgi?id=1229300
bugzilla.redhat.com/show_bug.cgi?id=1232827
bugzilla.redhat.com/show_bug.cgi?id=1232921
bugzilla.redhat.com/show_bug.cgi?id=1241750
bugzilla.redhat.com/show_bug.cgi?id=1257757
bugzilla.redhat.com/show_bug.cgi?id=1264039
bugzilla.redhat.com/show_bug.cgi?id=1264210
bugzilla.redhat.com/show_bug.cgi?id=1264216
rhn.redhat.com/errata/RHSA-2015-1844.html
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related
