CVE-2015-7538

EUVD-2015-7454
Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
jenkinsjenkins
𝑥
≤ 1.625.1
jenkinsjenkins
𝑥
≤ 1.639
redhatopenshift
𝑥
≤ 3.1
redhatopenshift
2.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jenkins
precise
ignored
trusty
dne
vivid
dne
wily
dne
xenial
dne
yakkety
dne
zesty
dne
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09