CVE-2015-5317
unknown
KEV
CVSS v3
—
CVSS v2
—
VIR risk
1.5
Description
Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.
CISA KEV
- Vendor
- Jenkins
- Product
- Jenkins User Interface (UI)
- Due date
- 2023-06-02
Predictions
Exploit likelihood
99%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cisa-kev — https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
Exploits
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | <1.625.2 | 1.625.2 |
| Maven | org.jenkins-ci.main:jenkins-core | >=1.626,<1.638 | 1.638 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5317
- https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
- https://access.redhat.com/errata/RHSA-2016:0070
- https://github.com/jenkinsci/jenkins
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
- http://rhn.redhat.com/errata/RHSA-2016-0489.html
- https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317
Verify integrity in audit chain (admin only). AS-IS.