Jenkins Accept-Language Header Directory Traversal

Strike ID:
E18-ua3e1
CVSS:
7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
False Positive:
f
Variants:
1
Year:
2018

Description

The strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within Stapler web framework used by Jenkins, and lacks input validation when processing the "Accept-Language" header. The header will be further used to include a language-specific resource by concatenating the header's content to the resource's path. By exploiting the vulnerability, an attacker could read arbitrary sensitive files from the file system.

CVE

References