Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2001-1342)

WordPress Plugin Thrive Ultimatum Security Bypass (2.3.9.3)

WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)

Atlassian Jira CVE-2021-26076 Vulnerability (CVE-2021-26076)

WordPress Plugin Events Made Easy PHP Object Injection (2.0.52)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities