Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2021-32476)

Apache HTTP Server Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2001-0131)

MediaWiki Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-35624)

WordPress Plugin Church Admin Arbitrary File Upload (1.2530)

WordPress Plugin WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection-StopBadBots Unspecified Vulnerability (6.66)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities