CyberSec.Space Logo
返回 CVE 浏览器

CVE-2015-5317

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score42.6110%
EPSS Percentile95.38th
Published2015年11月25日
Last Modified2026年4月22日

Vulnerability Description

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Affected Platforms (CPE)

📦
Jenkins

Jenkins

<= 1.637
📦
Jenkins

Jenkins

<= 1.625.1
📦
Redhat

Openshift

= 2.0
📦
Redhat

Openshift

<= 3.1

References & Advisories

🔗 http://rhn.redhat.com/errata/RHSA-2016-0489.html
🔗 https://access.redhat.com/errata/RHSA-2016:0070
🔗 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
🔗 http://rhn.redhat.com/errata/RHSA-2016-0489.html
🔗 https://access.redhat.com/errata/RHSA-2016:0070
🔗 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317

相关漏洞威胁

CVE-2019-10030319.9

A sandbox bypass vulnerability exists in Jenkins Matrix Project Plugin 1.13 and earlier in pom.xml, src/main/java/hudson/matrix/Fi...

CVE-2019-10030309.9

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/...

CVE-2019-10030299.9

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/jenkinsci/plugins/sc...

CVE-2019-10030329.9

A sandbox bypass vulnerability exists in Jenkins Email Extension Plugin 2.64 and earlier in pom.xml, src/main/java/hudson/plugins/...