CVE-2015-5317

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name...

Basic Information

CVE State: PUBLISHED
Reserved Date: July 01, 2015
Published Date: November 25, 2015
Last Updated: February 07, 2025
Vendor: Jenkins
Product: Jenkins
Description: The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0

5.0

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2023-05-12 00:00:00 UTC) Source

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html https://access.redhat.com/errata/RHSA-2016:0070 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Known Exploited Vulnerability Information

Source	Added Date
CISA	2023-05-12 00:00:00 UTC

Timeline

CVE ID Reserved

July 01, 2015
CVE Published to Public

November 25, 2015
Added to KEVIntel

May 12, 2023