WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-5320 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11

Related Vulnerabilities

CVE-2020-17532 Vulnerability in maven package org.apache.servicecomb:foundation-config

CVE-2015-0254 Vulnerability in maven package javax.servlet:jstl

CVE-2020-6452 Vulnerability in npm package electron

CVE-2010-1622 Vulnerability in maven package org.springframework:spring-beans

CVE-2017-1000394 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

Critical

Classification

CWE-200

Tags

Vendor Advisory