CVE-2015-5317
Vexday Risk Score
56 · Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5 · EPSS 22.4% · KEV yes · PoC — · Patch referenced
Lifecycle
25 Nov 2015 · Published on NVD
12 May 2023 · Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Jenkins allows attackers to access sensitive job and build names through the Fingerprints pages without proper authentication, exposing information that should be private.
Technical detail
Improper access controls on the Fingerprints endpoint in Jenkins before 1.638 (LTS 1.625.2) enable unauthenticated information disclosure via direct HTTP requests, exposing job names, build identifiers, and related metadata to remote attackers.
Summary generated and translated by AI from the official description.
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a