Jenkins CVE-2018-6356 Directory Traversal Vulnerability
Jenkins is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory to obtain sensitive information and perform other attacks.
The following versions are affected:
Jenkins 2.106 and prior versions.
Jenkins LTS 2.89.3 and prior versions.