CVE-2016-4987: Jenkins Image Gallery Plugin allows Path Traversal

May 13, 2022 (updated March 13, 2025)

Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.

References

github.com/advisories/GHSA-8xr3-54w2-8xjp
github.com/jenkinsci/image-gallery-plugin
github.com/jenkinsci/image-gallery-plugin/commit/20f02f6d53e642431d5e1181a8e7be7971538d50
nvd.nist.gov/vuln/detail/CVE-2016-4987
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20

Detect and mitigate CVE-2016-4987 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →