CVE-2015-5322
Jenkins has Local File Inclusion Vulnerability
EPSS 0.17%
Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
How to fix CVE-2015-5322
To remediate CVE-2015-5322, upgrade the affected package to a fixed version below.
- Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.638 or later
Is CVE-2015-5322 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 1.626, < 1.638
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |