5 matches found
Jenkins allows Bypass of Access Restrictions
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...
CVE-2015-5320
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave...
Information disclosure
Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive information or possibly gain administrative access by leveraging knowledge of the name of a slave...
CVE-2015-5325
CVE-2015-5325 affects Jenkins before 1.638 and OpenJenkins LTS before 1.625.2, where a JNLP slave can bypass intended slave-to-master access restrictions. This vulnerability stems from an incomplete fix for CVE-2014-3665. Remediation: upgrade to Jenkins 1.638 or newer, or to LTS 1.625.2 or newer,...
CVE-2015-5325
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665...