Description

Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api.

Remediation

References

CVE-2015-5324

Related Vulnerabilities

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

Oracle HTTP Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2015-2808)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1938)

MySQL Improper Input Validation Vulnerability (CVE-2012-5614)

WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)

Severity

Medium

Classification

CVE-2015-5324 CWE-264

Tags

Missing Update Known Vulnerabilities