CVE-2015-5317

Published: Nov 25, 2015Modified: Apr 22, 2026CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Affected (4)

Products: Jenkins: Jenkins · Redhat: Openshift

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.637

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.625.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	Version 2.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	Up to 3.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (7)

http://rhn.redhat.com/errata/RHSA-2016-0489.html

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:0070

Source: secalert@redhat.com

Third Party Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2016-0489.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:0070

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.