Description
Jenkins discloses project names via fingerprints
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-5317
- https://github.com/jenkinsci/jenkins/commit/0594c4cbccd24d4883fc0150e8fc511c9da63eb4
- https://access.redhat.com/errata/RHSA-2016:0070
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
- http://rhn.redhat.com/errata/RHSA-2016-0489.html
Packages
- org.jenkins-ci.main:jenkins-core: affected versions < 1.625.2; fixed in 1.625.2
- org.jenkins-ci.main:jenkins-core: affected versions >= 1.626, < 1.638; fixed in 1.638