| Vulnerability Name: | CVE-2015-5322 (CCN-108180) | ||||||||
| Assigned: | 2015-11-18 | ||||||||
| Published: | 2015-11-18 | ||||||||
| Updated: | 2019-12-17 | ||||||||
| Summary: | Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/. | ||||||||
| CVSS v3 Severity: | 5.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N) 5.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-22 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-5322 Source: CCN Type: RHSA-2016-0070 Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update Source: CCN Type: RHSA-2016-0489 Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update Source: REDHAT Type: UNKNOWN RHSA-2016:0489 Source: REDHAT Type: UNKNOWN RHSA-2016:0070 Source: XF Type: UNKNOWN jenkins-cve20155322-file-include(108180) Source: CCN Type: Jenkins Security Advisory 2015-11-11 multiple vulnerabilities in Jenkins Source: CONFIRM Type: Vendor Advisory https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5322 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||