Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-5320

Опубликовано: 25 нояб. 2015
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
Версия до 3.1 (включая)
Конфигурация 2
cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
Версия до 1.637 (включая)
Конфигурация 3
cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
Версия до 1.625.1 (включая)
Конфигурация 4
cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00209
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2015-5320

ubuntu
около 10 лет назад

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.

redhat логотип

CVE-2015-5320

redhat
около 10 лет назад

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.

debian логотип

CVE-2015-5320

debian
около 10 лет назад

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the ...

github логотип

GHSA-449q-v4j2-5h8p

github
больше 3 лет назад

Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor

EPSS

Процентиль: 43%
0.00209
Низкий

5 Medium

CVSS2

Дефекты

CWE-200