Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

WordPress Plugin Product Feed on WooCommerce for Google, Awin, Shareasale, Bing, and More SQL Injection (3.3.0.3)

Liferay Portal Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-29040)

ownCloud Improper Authentication Vulnerability (CVE-2014-2047)

Joomla Other Vulnerability (CVE-2006-4473)

WordPress Plugin Video Gallery-Vimeo and YouTube Gallery Cross-Site Scripting (1.1.4)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities