Description

Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.

Remediation

References

CVE-2015-1808

Related Vulnerabilities

Vulnerable JavaScript libraries

WordPress Plugin Instagram Plugin-InstaLinker Cross-Site Scripting (1.1.1)

WordPress Plugin MStore API-Create Native Android & iOS Apps On The Cloud Arbitrary File Upload (3.4.4)

WordPress Plugin Sell Media Cross-Site Request Forgery (2.5.5)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3009)

Severity

Low

Classification

CVE-2015-1808 CWE-20

Tags

Missing Update Known Vulnerabilities