Description

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.

Remediation

References

CVE-2015-5324

Related Vulnerabilities

WordPress Plugin Form Store to DB includes Backdoor [Only if downloaded via the vendor website] (1.0.9)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)

Apache Tomcat Resource Management Errors Vulnerability (CVE-2011-4858)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35740)

Severity

Medium

Classification

CVE-2015-5324 CWE-264

Tags

Missing Update Known Vulnerabilities