CVE-2015-7538

HIGH

Jenkins <1.640-1.625.2 - CSRF Bypass

Title source: llm
STIX 2.1

Description

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:0070

Scores

CVSS v3 8.8
EPSS 0.0023
EPSS Percentile 46.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (5)
jenkins/jenkins < 1.625.1
jenkins/jenkins < 1.639
org.jenkins-ci.main/jenkins-core 1.626 - 1.640Maven
redhat/openshift 2.0
redhat/openshift < 3.1
Published Feb 03, 2016
Tracked Since Feb 18, 2026