Vulnerability CVE-2015-7539
Published: 2016-02-03

Description:
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Openshift 
Jenkins -> Jenkins 
Cloudbees -> Jenkins 

 References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09
https://access.redhat.com/errata/RHSA-2016:0070
http://rhn.redhat.com/errata/RHSA-2016-0489.html
Copyright 2024, cxsecurity.com

 

Back to Top