Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to list arbitrary directories and read arbitrary files via unspecified form fields.
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20