CVE-2015-5317


CVSS 7.5 HIGH · EPSS 22.4% · KEV · CWE-200
In short

Jenkins allows attackers to access sensitive job and build names through the Fingerprints pages without proper authentication, exposing information that should be private.

Technical detail

Improper access controls on the Fingerprints endpoint in Jenkins before 1.638 (LTS 1.625.2) enable unauthenticated information disclosure via direct HTTP requests, exposing job names, build identifiers, and related metadata to remote attackers.

Summary generated and translated by AI from the official description.
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
