CVE-2015-5321

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Published Bysecalert@redhat.com

Published DateNov 25, 2015, 20:59

Affected Versions(2)

org.jenkins-ci.main:jenkins-core(Maven)

Introduced1.626

Fixed1.638

LimitN/A

org.jenkins-ci.main:jenkins-core(Maven)

Introduced0

Fixed1.625.2

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.jenkins-ci.main:jenkins-core(Maven)	1.626	1.638	N/A
org.jenkins-ci.main:jenkins-core(Maven)	0	1.625.2	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE