8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
77.3%
Jenkins Security Advisory:
Description
SECURITY-95 / CVE-2015-7536 (Stored XSS vulnerability through workspace files and archived artifacts)
In certain configurations, low privilege users were able to
create e.g. HTML files in workspaces and archived artifacts that
could result in XSS when accessed by other users. Jenkins now sends
Content-Security-Policy headers that enables sandboxing and
prohibits script execution by default.
SECURITY-225 / CVE-2015-7537 (CSRF vulnerability in some administrative actions)
Several administration/configuration related URLs could be
accessed using GET, which allowed attackers to circumvent CSRF
protection.
SECURITY-233 / CVE-2015-7538 (CSRF protection ineffective)
Malicious users were able to circumvent CSRF protection on any
URL by sending specially crafted POST requests.
SECURITY-234 / CVE-2015-7539 (Jenkins plugin manager vulnerable to MITM attacks)
While the Jenkins update site data is digitally signed, and the
signature verified by Jenkins, Jenkins did not verify the provided
SHA-1 checksums for the plugin files referenced in the update site
data. This enabled MITM attacks on the plugin manager, resulting
in installation of attacker-provided plugins.
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
77.3%