CVE-2015-5317

HIGH KEV

Jenkins <1.638-1.625.2 - Info Disclosure

Title source: llm

Description

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

References (4)

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2016-0489.html

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2016:0070

[Vendor Advisory] https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317

Scores

CVSS v3 7.5

EPSS 0.2739

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitation Intel

CISA KEV 2023-05-12

VulnCheck KEV 2023-05-12

InTheWild.io 2023-05-12

ENISA EUVD EUVD-2015-5288

Classification

CWE

CWE-200

Status draft

Affected Products (5)

jenkins/jenkins < 1.637

jenkins/jenkins < 1.625.1

redhat/openshift

redhat/openshift < 3.1

org.jenkins-ci.main/jenkins-core < 1.625.2Maven

Timeline

Published Nov 25, 2015

KEV Added May 12, 2023

Tracked Since Feb 18, 2026