Moderate severityNVD Advisory· Published Nov 25, 2015· Updated Jun 17, 2026
CVE-2015-5322
CVE-2015-5322
Description
Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal sequences in a request to jnlpJars/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jenkins-ci.main:jenkins-coreMaven | >= 1.626, < 1.638 | 1.638 |
org.jenkins-ci.main:jenkins-coreMaven | < 1.625.2 | 1.625.2 |
Affected products
5cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*range: <=1.637
- cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*range: <=1.625.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-89vc-7frq-2rfjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-5322ghsaADVISORY
- wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11nvdVendor AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-0489.htmlnvdWEB
- access.redhat.com/errata/RHSA-2016:0070nvdWEB
- github.com/jenkinsci/jenkins/commit/5431e397216b4ab80e58bdabcb06a0066bce6592ghsaWEB
News mentions
0No linked articles in our index yet.