Jenkins » Jenkins : Security Vulnerabilities, CVEs, Published In 2015 (Information Leak) CVSS score >= 5

CVE-2015-5321

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-11-25
Updated
2019-12-17

CVE-2015-5320

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
Max CVSS
5.0
EPSS Score
0.31%
Published
2015-11-25
Updated
2019-12-17

CVE-2015-5317

Known exploited
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
Max CVSS
5.0
EPSS Score
4.88%
Published
2015-11-25
Updated
2019-12-17
CISA KEV Added
2023-05-12
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close