CVE-2015-5317 org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.625.2 || >=1.626 <1.638

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.28615 (percentile: 0.96369)

Details

Jenkins discloses project names via fingerprints

The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.

Metadata

Created: 2022-05-13T01:30:06Z
Modified: 2025-02-07T20:53:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8pqx-3rxx-f5pm/GHSA-8pqx-3rxx-f5pm.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-8pqx-3rxx-f5pm
Finding: F038
Auto approve: 1