CyberSec.Space Logo
Back to CVE Browser

CVE-2015-5317

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score42.6110%
EPSS Percentile95.38th
PublishedNov 25, 2015
Last ModifiedApr 22, 2026

Vulnerability Description

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Affected Platforms (CPE)

πŸ“¦
Jenkins

Jenkins

<= 1.637
πŸ“¦
Jenkins

Jenkins

<= 1.625.1
πŸ“¦
Redhat

Openshift

= 2.0
πŸ“¦
Redhat

Openshift

<= 3.1

References & Advisories

πŸ”— http://rhn.redhat.com/errata/RHSA-2016-0489.html
πŸ”— https://access.redhat.com/errata/RHSA-2016:0070
πŸ”— https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
πŸ”— http://rhn.redhat.com/errata/RHSA-2016-0489.html
πŸ”— https://access.redhat.com/errata/RHSA-2016:0070
πŸ”— https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317

Related Vulnerabilities

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2019-10030309.9

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/...

CVE-2019-10030299.9

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc...

CVE-2019-10030329.9

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/...