CVE-2015-5324: Sensitive Information Exposure in Jenkins

Severity
5.0 MEDIUM (NVD)
EPSS
0.3%
top 48.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 25
Latest update: May 13

Description

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: jenkins/jenkins 1.625.1 (+1)
NVD: redhat/openshift 3.1 (+1)

🔴Vulnerability Details

3
OSV: Jenkins allows Unauthorized Viewing of Queue API Information (2022-05-13)
GHSA: Jenkins allows Unauthorized Viewing of Queue API Information (2022-05-13)
CVEList: CVE-2015-5324: Jenkins before 1 (2015-11-25)

📋Vendor Advisories

2
Jenkins: Jenkins Security Advisory 2015-11-11 (2015-11-11)
Red Hat: jenkins: Queue API did show items not visible to the current user (SECURITY-186) (2015-11-11)

💬Community

1
Bugzilla: CVE-2015-5324 jenkins: Queue API did show items not visible to the current user (SECURITY-186) (2015-11-16)