CVE-2015-7536
MEDIUM
Jenkins < 1.640 and LTS < 1.625.2 - Authenticated Cross-Site Scripting via Workspace and Archived Artifacts
Title source: llm
Description
Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
Scores
CVSS v3
5.4
EPSS
0.0029
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
jenkins/jenkins
< 1.625.1
jenkins/jenkins
< 1.639
org.jenkins-ci.main/jenkins-core
1.626 - 1.640 (Maven)
Published
Feb 03, 2016
Tracked Since
Feb 18, 2026