| Vulnerability Name: | CVE-2015-5320 (CCN-108177) | ||||||||
| Assigned: | 2015-11-18 | ||||||||
| Published: | 2015-11-18 | ||||||||
| Updated: | 2019-12-17 | ||||||||
| Summary: | Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave. | ||||||||
| CVSS v3 Severity: | 9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2015-5320 Source: CCN Type: RHSA-2016-0070 Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update Source: CCN Type: RHSA-2016-0489 Important: Red Hat OpenShift Enterprise 2.2.9 security, bug fix, and enhancement update Source: REDHAT Type: UNKNOWN RHSA-2016:0489 Source: REDHAT Type: UNKNOWN RHSA-2016:0070 Source: XF Type: UNKNOWN jenkins-jnlp-cve20155320-unauth-access(108177) Source: CCN Type: Jenkins Security Advisory 2015-11-11 multiple vulnerabilities in Jenkins Source: CONFIRM Type: Vendor Advisory https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-5320 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||