https://bugzilla.redhat.com/show_bug.cgi?id=1282365
Bug ID: 1282365
Summary: CVE-2015-5322 jenkins: Local file inclusion vulnerability (SECURITY-195)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mizdebsk(a)redhat.com,
mmccomas(a)redhat.com, msrb(a)redhat.com
The following flaw was found in Jenkins:
Access to the /jnlpJars/ URL was not limited to the specific JAR files users
needed to access, allowing users to browse directories and download other files
in the Jenkins servlet resources, such as web.xml.
The information gained is very limited, and it requires a specific setup to
gain any non-public information this way.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
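
An added example, not part of the original report or of Jenkins itself: a log check that flags /jnlpJars/ requests for anything other than an expected JAR, which is the access the flaw above allowed. The allowlist contents, the log format and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: the only files this instance should serve under /jnlpJars/.
EXPECTED_JARS = {"jenkins-cli.jar", "slave.jar", "remoting.jar"}
PREFIX = "/jnlpJars/"

# Request target and status from a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(target):
    """Return a reason string for an unexpected /jnlpJars/ request, else None."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode escapes
    idx = path.find(PREFIX)  # tolerate a servlet context prefix such as /jenkins
    if idx == -1:
        return None
    rest = path[idx + len(PREFIX):]
    if rest in EXPECTED_JARS:
        return None
    if rest == "" or rest.endswith("/"):
        return "directory request"
    return "unexpected file"

def find_suspicious(lines):
    """Return a list of (target, status, reason) for entries outside the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable access-log entry
        reason = classify(m.group("target"))
        if reason:
            hits.append((m.group("target"), int(m.group("status")), reason))
    return hits

# Constructed sample entries (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2016:10:00:01 +0000] "GET /jnlpJars/jenkins-cli.jar HTTP/1.1" 200 512345',
    '192.0.2.11 - - [01/Jan/2016:10:00:05 +0000] "GET /jnlpJars/ HTTP/1.1" 200 1830',
    '192.0.2.11 - - [01/Jan/2016:10:00:09 +0000] "GET /jenkins/jnlpJars/example-dir/web.xml HTTP/1.1" 200 9000',
    '192.0.2.12 - - [01/Jan/2016:10:00:12 +0000] "GET /jnlpJars/slave.jar?x=1 HTTP/1.1" 200 700000',
    '192.0.2.13 - - [01/Jan/2016:10:00:15 +0000] "GET /jnlpJars/notes.txt HTTP/1.1" 404 120',
    '192.0.2.14 - - [01/Jan/2016:10:00:20 +0000] "GET /job/demo/ HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for target, status, reason in find_suspicious(SAMPLE_LOG):
        print(f"{status} {target}: {reason}")
```

A flagged entry with a 2xx status means the resource was actually served; a 404 on the same path is what a fixed instance would be expected to return.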