Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

Claroline Other Vulnerability (CVE-2007-3517)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4297)

WordPress Plugin Waitlist Woocommerce (Back in stock notifier) Cross-Site Request Forgery (2.5.1)

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.0.6)

Squid Out-of-bounds Write Vulnerability (CVE-2019-12519)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities