CVE-2015-5322: Jenkins has Local File Inclusion Vulnerability

May 13, 2022 (updated March 13, 2025)

Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.

References

access.redhat.com/errata/RHSA-2016:0070
github.com/advisories/GHSA-89vc-7frq-2rfj
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592
nvd.nist.gov/vuln/detail/CVE-2015-5322
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Detect and mitigate CVE-2015-5322 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →