Exploitation Summary
CVE-2015-5317 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 12, 2023.
Description
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
References (4)
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:0070
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
Scores
CVSS v3: 7.5
EPSS: 0.3970
EPSS Percentile: 97.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: yes
Technical Impact: partial
Details
CISA KEV: 2023-05-12
VulnCheck KEV: 2023-05-12
InTheWild.io: 2023-05-12
ENISA EUVD: EUVD-2015-5288
CWE: CWE-200
Status: published
Products (5)
jenkins/jenkins: < 1.625.1
jenkins/jenkins: < 1.637
org.jenkins-ci.main/jenkins-core: 0 - 1.625.2 (Maven)
redhat/openshift: 2.0
redhat/openshift: < 3.1
Published: Nov 25, 2015
KEV Added: May 12, 2023
Tracked Since: Feb 18, 2026