Description

The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages.

Remediation

References

CVE-2015-5321

Related Vulnerabilities

WordPress 4.5.x Cross-Domain Flash Injection Vulnerability (4.5 - 4.5.12)

WordPress Plugin Product Catalog Multiple Vulnerabilities (4.2.11)

Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)

osCommerce Other Vulnerability (CVE-2006-5190)

WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.20)

Severity

Medium

Classification

CVE-2015-5321 CWE-200

Tags

Missing Update Known Vulnerabilities