Important Information

On August 12th, 2022, many of Keysight’s Network Test, Network Visibility, & Edge to Core (NAS/formerly Ixia) products will migrate to a new license structure.

CRITICAL: If you perform licensing operations after August 12th, 2022, without upgrading the licensing software to the latest version, licenses may not register properly, and some features may be missing. This could impact testing and result in downtime.

For details, click here.

Strike ID:
E18-ua3e1
CVSS:
5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
False Positive:
t
Variants:
1
Year:
2018

Description

The strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within Stapler web framework used by Jenkins, and lacks input validation when processing the "Accept-Language" header. The header will be further used to include a language-specific resource by concatenating the header's content to the resource's path. By exploiting the vulnerability, an attacker could read arbitrary sensitive files from the file system.

CVE

References