CVE-2015-1808 — Improper Input Validation in Jenkins

CWE-20 — Improper Input Validation8 documents6 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 61.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedOct 16

Latest updateMay 17

Description

Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.580.3+1

▶NVDredhat/openshift3.1

🔴Vulnerability Details

GHSA

Jenkins Vulnerable to Denial of Service (DoS)↗2022-05-17

▶

OSV

Jenkins Vulnerable to Denial of Service (DoS)↗2022-05-17

▶

CVEList

CVE-2015-1808: Jenkins before 1↗2015-10-16

▶

📋Vendor Advisories

Red Hat

jenkins: update center metadata retrieval DoS attack (SECURITY-163)↗2015-02-27

▶

💬Community

Bugzilla

CVE-2015-5274 OpenShift 2.2: API command injection vulnerability↗2015-09-12

▶

Bugzilla

CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all]↗2015-03-25

▶

Bugzilla

CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)↗2015-03-25

▶