CVE-2015-5320
EPSS 0.12%Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor
發布日:2022/5/13修改日:2025/3/13
描述
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.
受影響套件(1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.626, < 1.638
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |