Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2015-5325
HistoryNov 25, 2015 - 8:59 p.m.

CVE-2015-5325

2015-11-2520:59:17
CWE-284
redhat
web.nvd.nist.gov
36
jenkins
access restrictions
security vulnerability
cve-2015-5325
jnlp slave

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.

Affected configurations

Nvd
Node
redhatopenshiftRange3.1enterprise
Node
redhatopenshiftMatch2.0
Node
jenkinsjenkinsRange1.625.1lts
Node
jenkinsjenkinsRange1.637
VendorProductVersionCPE
redhatopenshift*cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*
redhatopenshift2.0cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*
jenkinsjenkins*cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
jenkinsjenkins*cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*

Related

ubuntucve 2
cvelist 2
prion 2
nvd 2
fedora 4
nessus 5
openvas 5
veracode 12
cve 1
github 1
osv 1
archlinux 1
freebsd 1
redhat 3
ubuntucve
ubuntucve
CVE-2015-5325
2015-11-25 00:00:00
CVE-2014-3665
2015-11-25 00:00:00
cvelist
cvelist
CVE-2015-5325
2015-11-25 20:00:00
CVE-2014-3665
2015-11-25 20:00:00
prion
prion
Code injection
2015-11-25 20:59:00
Code injection
2015-11-25 20:59:00
nvd
nvd
CVE-2015-5325
2015-11-25 20:59:17
CVE-2014-3665
2015-11-25 20:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: jenkins-1.609.3-3.fc22
2015-11-26 04:57:56
[SECURITY] Fedora 22 Update: jenkins-remoting-2.53-1.fc22
2015-11-26 04:57:56
[SECURITY] Fedora 23 Update: jenkins-remoting-2.53-1.fc23
2015-11-23 00:30:04
nessus
nessus
Fedora 22 : jenkins-1.609.3-3.fc22 / jenkins-remoting-2.53-1.fc22 (2015-a433d8ba72)
2016-03-04 00:00:00
FreeBSD : jenkins -- slave-originated arbitrary code execution on master servers (0dad9114-60cc-11e4-9e84-0022156e8794)
2014-11-03 00:00:00
Fedora 23 : jenkins-1.625.2-2.fc23 / jenkins-remoting-2.53-1.fc23 (2015-d02feebd15)
2016-03-04 00:00:00
openvas
openvas
Jenkins Remote Code Execution Vulnerability (Nov 2014) - Windows
2015-12-15 00:00:00
Jenkins Remote Code Execution Vulnerability (Nov 2014) - Linux
2016-08-05 00:00:00
Jenkins CLI Multiple Vulnerabilities
2015-11-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:56:01
Cross-Site Scripting (XSS)
2019-05-02 05:21:31
Sensitive Information Disclosure
2019-05-02 05:21:25
cve
cve
CVE-2014-3665
2015-11-25 20:59:00
github
github
Jenkins improperly ensures trust separation
2022-05-17 03:53:35
osv
osv
Jenkins improperly ensures trust separation
2022-05-17 03:53:35
archlinux
archlinux
jenkins: multiple issues
2015-11-18 00:00:00
freebsd
freebsd
jenkins -- slave-originated arbitrary code execution on master servers
2014-10-30 00:00:00
redhat
redhat
(RHSA-2016:22381) Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
2016-01-11 05:00:00
(RHSA-2016:0489) Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update
2016-03-22 00:00:00
(RHSA-2016:0070) Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update
2016-01-26 19:01:15

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.5

Confidence

High

EPSS

0.02

Percentile

89.0%

JSON
Related for CVE-2015-5325
ubuntucve2cvelist2prion2nvd2fedora4nessus5openvas5veracode12cve1github1osv1archlinux1freebsd1redhat3