VIR Vulnerability Intelligence Relay

CVE-2015-5320

medium
Published 2015-11-25 · Modified 2025-03-13
CVSS v3
CVSS v2
5.0
VIR risk
5.0

Description

Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.jenkins-ci.main:jenkins-core>=1.626,<1.6381.638
java Mavenorg.jenkins-ci.main:jenkins-core<1.625.21.625.2

Application impact
VendorProductVersionsFixed
redhatopenshift{"endIncluding":"3.1"}
jenkinsjenkins{"endIncluding":"1.637"}
redhatopenshift2.0

References

CWEs

CWE-200

Verify integrity in audit chain (admin only). AS-IS.