UNKNOWN Maven
Jenkins has Information Disclosure via Sidepanel Widget
GHSA-4653-rmch-3g2g · CVE-2015-5321
Published · Modified
Description
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-5321
- WEB https://github.com/jenkinsci/jenkins/commit/251bdb00ab3cf4435416f0a55fa3bccf7f58896a
- WEB https://github.com/jenkinsci/jenkins/commit/9e439d462c28fe1c96799c89709dc5d0cb8ab8fa
- WEB https://access.redhat.com/errata/RHSA-2016:0070
- PACKAGE https://github.com/jenkinsci/jenkins
- WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
- WEB http://rhn.redhat.com/errata/RHSA-2016-0489.html
Ready to move
Start Securing
Free, no credit card | First findings in minutes