CVE-2015-5321 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.626 <1.638 || >=0 <1.625.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00154 pctl0.36693

Details

Jenkins has Information Disclosure via Sidepanel Widget The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Metadata

Created: 2022-05-13T01:30:05Z
Modified: 2025-03-13T17:48:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4653-rmch-3g2g/GHSA-4653-rmch-3g2g.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-4653-rmch-3g2g
Finding: F308
Auto approve: 1