Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2015-5318

Published: 25/11/2015 Updated: 17/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Jenkins

Vulnerability Summary

Jenkins prior to 1.638 and LTS prior to 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote malicious users to bypass the CSRF protection mechanism via a brute force attack.

Vulnerable Product Search on Vulmon Subscribe to Product

jenkins jenkins

redhat openshift

redhat openshift 2.0

Vendor Advisories

Red Hat: CVE-2015-5318
Jenkins before 1638 and LTS before 16252 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack ...

References

CWE-352https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11https://access.redhat.com/errata/RHSA-2016:0070http://rhn.redhat.com/errata/RHSA-2016-0489.htmlhttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-5318
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook