5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)False Positive:
The strike exploits an authenticated directory traversal vulnerability in Jenkins CI Server. The vulnerable code resides within Stapler web framework used by Jenkins, and lacks input validation when processing the Accept-Language header. The header will be further used to include a language-specific resource by concatenating the headers content to the resources path. By exploiting the vulnerability, an attacker could read arbitrary sensitive files from the file system.