Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

TYPO3 Use of Insufficiently Random Values Vulnerability (CVE-2010-3666)

WordPress Plugin Simple Flash Video Cross-Site Scripting (1.7)

WordPress Plugin WP-Cal 'id' Parameter SQL Injection (0.3)

WordPress Plugin 10WebAnalytics Cross-Site Request Forgery (1.2.8)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities