Jenkins 1.609.2 Security Vulnerabilities
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. In practice this means create-job accepts a job configuration that carries an external entity declaration; the referenced file is read and disclosed only when a later XML-aware command such as get-job or update-job parses that stored configuration, so the create-job caller and the get-job caller need not be the same client.
CVSS Score: 5.0
EPSS Score: 0.003
Published: 2015-11-25
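To make the "crafted job configuration" concrete, the following is an added example (not Shodan's page content and not Jenkins project code): a constructed config.xml carrying the kind of external entity declaration an XXE payload relies on, next to a benign one, and a hypothetical pre-check, screen_job_config(), that flags any DOCTYPE, entity declaration or external DTD reference before the document reaches an XML-aware tool. The check is illustrative and is not the fix Jenkins shipped in 1.638 / LTS 1.625.2. Python's expat parser does not resolve external entities unless a handler is installed, so running this reads nothing from disk; it only reports what the document declares.

```python
"""Screen a Jenkins-style job configuration for DTD constructs before an
XML-aware tool parses it. Added example, not Jenkins code; the two sample
configurations are constructed for illustration."""
import xml.parsers.expat
from typing import List

# Constructed sample: minimal freestyle job config with an XXE payload.
# The entity points at a local file; the reference in <description> is
# where a resolving parser would substitute the file's contents.
MALICIOUS_CONFIG = """<?xml version="1.0"?>
<!DOCTYPE project [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<project>
  <description>&xxe;</description>
</project>
"""

# Constructed sample: the same job without any DTD. Jenkins job
# configurations never need a DOCTYPE, which is what makes a blanket
# rejection reasonable here.
BENIGN_CONFIG = """<?xml version="1.0" encoding="UTF-8"?>
<project>
  <description>nightly build</description>
  <keepDependencies>false</keepDependencies>
</project>
"""


def screen_job_config(xml_text: str) -> List[str]:
    """Return findings about DTD/entity usage; an empty list means clean.

    Hypothetical pre-check: it walks the document with expat, which by
    default neither fetches external DTDs nor expands external entities,
    and records every DOCTYPE and entity declaration it sees.
    """
    findings: List[str] = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared for <{name}>")
        if system_id:
            findings.append(f"external DTD referenced: {system_id}")

    def on_entity(name, is_parameter, value, base, system_id, public_id,
                  notation):
        kind = "parameter" if is_parameter else "general"
        if system_id:
            findings.append(f"external {kind} entity {name!r} -> {system_id}")
        else:
            findings.append(f"internal {kind} entity {name!r}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_text, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


def is_safe_for_xml_tools(xml_text: str) -> bool:
    """True only if the configuration declares no DTD or entities at all."""
    return not screen_job_config(xml_text)


if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_CONFIG), ("benign", BENIGN_CONFIG)):
        print(label, "->", screen_job_config(doc) or "clean")
```

A pre-check like this is a gate in front of a pipeline that hands configurations to other parsers; it does not replace configuring those parsers themselves to refuse DTDs and external entities, which is where the actual vulnerability lives.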
Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2015-11-25
CVE-2015-5317 (known exploited)
The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request.
CVSS Score: 7.5
EPSS Score: 0.397
Published: 2015-11-25
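All three entries above share the same fix versions, weekly 1.638 and LTS 1.625.2, and the page's subject, 1.609.2, is an LTS release. Deciding whether a given instance is affected means comparing against the right release line, which is easy to get wrong by numeric comparison alone. The following is an added example (not Shodan's or the Jenkins project's code) that parses a Jenkins version string, tells the LTS line (1.N.M) from the weekly line (1.N), and triages a captured HTTP header block. It assumes that version scheme; Jenkins does report its version in the X-Jenkins response header, but the header captures below are constructed, not scan data.

```python
"""Classify a Jenkins version against the fix versions named on this page
(weekly 1.638, LTS 1.625.2). Added example, not project code."""
import re
from typing import List, Optional, Tuple

WEEKLY_FIX = (1, 638)     # first weekly release containing the fixes
LTS_FIX = (1, 625, 2)     # first LTS release containing the fixes

# "1.638", "1.609.2", optionally followed by a build suffix such as "-SNAPSHOT"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """Return (numeric tuple, release line), line being 'lts' or 'weekly'.

    Assumption: three components (1.N.M) denote an LTS release, two (1.N)
    a weekly release. Build suffixes are ignored for the comparison.
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Jenkins version: {version!r}")
    major, minor, patch = match.groups()
    if patch is None:
        return (int(major), int(minor)), "weekly"
    return (int(major), int(minor), int(patch)), "lts"


def is_affected(version: str) -> bool:
    """True if the version predates the fix on its own release line.

    The lines are compared separately: LTS 1.625.1 is affected even though
    1.625 < 1.638 would also say so, and weekly 1.626 through 1.637 are
    affected although they are numerically above LTS 1.625.2.
    """
    nums, line = parse_version(version)
    return nums < (LTS_FIX if line == "lts" else WEEKLY_FIX)


def version_from_headers(raw_headers: str) -> Optional[str]:
    """Extract the X-Jenkins header value from a raw HTTP header block."""
    for header in raw_headers.splitlines():
        name, sep, value = header.partition(":")
        if sep and name.strip().lower() == "x-jenkins":
            return value.strip()
    return None


def triage(raw_headers: str) -> str:
    """One-line verdict for a captured header block."""
    version = version_from_headers(raw_headers)
    if version is None:
        return "no X-Jenkins header: not a Jenkins response or header stripped"
    status = "AFFECTED" if is_affected(version) else "not affected"
    return f"Jenkins {version}: {status} (fixed in 1.638 / LTS 1.625.2)"


# Constructed header captures for the demonstration, not real scan data.
SAMPLES: List[str] = [
    "HTTP/1.1 200 OK\r\nX-Jenkins: 1.609.2\r\nContent-Type: text/html\r\n",
    "HTTP/1.1 200 OK\r\nX-Jenkins: 1.625.2\r\n",
    "HTTP/1.1 200 OK\r\nX-Jenkins: 1.637\r\n",
    "HTTP/1.1 200 OK\r\nX-Jenkins: 2.7.1\r\n",
    "HTTP/1.1 200 OK\r\nServer: nginx\r\n",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

A version string that does not fit the 1.N or 1.N.M pattern raises ValueError rather than being silently treated as fixed, so anything unexpected surfaces during triage instead of disappearing from the affected list.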
Shodan ® - All rights reserved