Vulnerabilities > Jenkins > Jenkins > 1.609.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-25 | CVE-2015-5319 | XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job. | 5.0 |
2015-11-25 | CVE-2015-5318 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins: Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack. | 6.8 |
2015-11-25 | CVE-2015-5317 | Information Exposure vulnerability in Jenkins: The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. | 5.0 |