CVE-2015-7537 — Cross-Site Request Forgery in Jenkins

CWE-352 — Cross-Site Request Forgery8 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 39.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Redhat Openshift

Timeline

PublishedFeb 3

Latest updateMay 13

Description

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDjenkins/jenkins1.625.1+1

▶NVDredhat/openshift3.1+1

🔴Vulnerability Details

GHSA

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack↗2022-05-13

▶

OSV

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack↗2022-05-13

▶

CVEList

CVE-2015-7537: Cross-site request forgery (CSRF) vulnerability in Jenkins before 1↗2016-02-03

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2015-12-09↗2015-12-09

▶

Red Hat

jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)↗2015-12-09

▶

💬Community

Bugzilla

CVE-2015-7536 CVE-2015-7537 CVE-2015-7538 CVE-2015-7539 jenkins: various flaws [fedora-all]↗2015-12-15

▶

Bugzilla

CVE-2015-7537 jenkins: CSRF vulnerability in some administrative actions (SECURITY-225)↗2015-12-15

▶