CVE-2015-7537 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.626 <1.640 || >=0 <1.625.2

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00179 pctl0.39799

Details

Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

Metadata

Created: 2022-05-13T01:30:07Z
Modified: 2025-03-13T18:00:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3vhr-f5xr-8vpx/GHSA-3vhr-f5xr-8vpx.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-3vhr-f5xr-8vpx
Finding: F007
Auto approve: 1