CISA KEV Information
| Vulnerability name | Jenkins User Interface (UI) Information Disclosure Vulnerability |
|---|---|
| Description | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-200 |
| Date added (KEV) | 2023-05-12 |
| Due date | 2023-06-02 |
| Additional notes | https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317 |
NVD Details
CVSS v3.1: 7.5 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Description: The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
CWE: CWE-200
References
- http://rhn.redhat.com/errata/RHSA-2016-0489.html [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2016:0070 [Third Party Advisory]
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5317
This product uses the NVD API but is not endorsed or certified by the NVD.