CVE-2015-5322 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.626 <1.638 || >=0 <1.625.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00229 pctl0.45652

Details

Jenkins has Local File Inclusion Vulnerability Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

Metadata

Created: 2022-05-13T01:30:06Z
Modified: 2025-03-13T17:50:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-89vc-7frq-2rfj/GHSA-89vc-7frq-2rfj.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-89vc-7frq-2rfj
Finding: F063
Auto approve: 1