This advisory announces vulnerabilities in these Jenkins plugins:
Async Http Client Plugin
Build Failure Analyzer Plugin
Image Gallery Plugin
TAP Plugin
Path traversal vulnerability in TAP Plugin
SECURITY-85 / CVE-2016-4986
The plugin did not correctly filter a parameter and allowed reading arbitrary files on the file system.
Path traversal vulnerability in Image Gallery Plugin
SECURITY-278 / CVE-2016-4987
The plugin did not correctly validate form fields and allowed listing arbitrary directories and reading arbitrary files on the file system.
Cross-site scripting vulnerability in Build Failure Analyzer Plugin
SECURITY-290 / CVE-2016-4988
The plugin did not escape a parameter echoed on an HTML page, resulting in a reflected XSS vulnerability.
Async HTTP Client Plugin does not properly validate certificates
SECURITY-305 / CVE-2013-7397 and CVE-2013-7398
Async HTTP Client Plugin provides the Async HTTP Client Java library to other plugins. It is based on the 1.7.x line of AHC, which by default is vulnerable to CVE-2013-7397 and CVE-2013-7398 , allowing man-in-the-middle attacks. The fixes for these vulnerabilities were backported.