cbcvebase.
CVE-2015-5317
published 2015-11-25

Priority P277 high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
KEV: CISA Known Exploited Vulnerability, due 2023-06-02
ITW: Exploited in the wild
EPSS: 22.43% (97.4th percentile)

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Affected

6 ranges
Vendor    Product        Version range    Fixed in
jenkins   jenkins        <= 1.637
jenkins   jenkins        <= 1.625.1
jenkins   jenkins_core
jenkins   jenkins_lts
redhat    openshift      <= 3.1
redhat    openshift

Detection & IOCs (extracted from sources)

  • Detect direct requests to Jenkins Fingerprints pages, which may indicate exploitation of the information disclosure vulnerability
  • Monitor for unauthenticated or unauthorized access to Jenkins Fingerprints UI pages, which expose job and build names to users who should not have access
  • Vulnerability affects Jenkins versions before 1.638 (main line) and LTS before 1.625.2; ensure patched versions are deployed
  • Information disclosed is limited to job and build names; no direct control mechanism exists for users over what is revealed via Fingerprints pages

CVSS provenance

nvd             v3.1   7.5   HIGH     CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd             v2.0   5.0   MEDIUM   AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck              7.5   HIGH
cisa                   7.5   HIGH
vendor_redhat          7.5   HIGH