CVE-2015-5321 — Sensitive Information Exposure in Jenkins

CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 56.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedNov 25

Latest updateMay 13

Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.625.1+1

▶NVDredhat/openshift3.1+1

🔴Vulnerability Details

GHSA

Jenkins has Information Disclosure via Sidepanel Widget↗2022-05-13

▶

OSV

Jenkins has Information Disclosure via Sidepanel Widget↗2022-05-13

▶

CVEList

CVE-2015-5321: The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1↗2015-11-25

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2015-11-11↗2015-11-11

▶

Red Hat

jenkins: Information disclosure via sidepanel (SECURITY-192)↗2015-11-11

▶

💬Community

Bugzilla

CVE-2015-5321 jenkins: Information disclosure via sidepanel (SECURITY-192)↗2015-11-16

▶