PT-2015-5451 · Cloudbees+1 · Jenkins

Daniel Beck

·

Publicado

2015-10-16

·

Atualizado

2022-05-17

·

CVE-2015-1808

CVSS v2.0

3.5

Baixa

VetorAV:N/AC:M/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.600 Jenkins LTS versions prior to 1.596.1
Description The issue allows remote authenticated users to cause a denial of service through improper plug-in and tool installation via crafted update center data.
Recommendations For Jenkins versions prior to 1.600, update to version 1.600 or later. For Jenkins LTS versions prior to 1.596.1, update to version 1.596.1 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-1808
GHSA-3RWX-3VWH-MWXC
RHSA-2015:1844
RHSA-2016:0070

Produtos afetados

Jenkins