CVE Daily

CVE-2015-5325

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended s...

High CVSS 7.5

Overview

Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.

CWE: CWE-284 Published: 2015-11-25T20:59:17.107
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags