CVE-2015-7539 – org.jenkins-ci.main:jenkins-core
Package
Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=0 <1.625.2 || >=1.626 <1.640
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.0104 (percentile: 0.76597)
Details
Jenkins does not Verify Checksums for Plugin Files
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
Metadata
Created: 2022-05-13T01:30:07Z
Modified: 2025-03-13T17:58:11Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x274-9m9r-fm5g/GHSA-x274-9m9r-fm5g.json
CWE IDs: ["CWE-345"]
Alternative ID: GHSA-x274-9m9r-fm5g
Finding: F204
Auto approve: 1