Cloudbees · Jenkins · CVE-2015-7539
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.640
Jenkins LTS versions prior to 1.625.2
**Description**
The issue concerns the Plugins Manager in Jenkins, which does not verify checksums for plugin files. This makes it easier for attackers to execute arbitrary code via a crafted plugin, particularly in man-in-the-middle attack scenarios.
**Recommendations**
For Jenkins versions prior to 1.640, update to version 1.640 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.
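
The missing check described above, sketched as an added example (not code from Jenkins or from this advisory): a downloaded plugin file is accepted only if its SHA-256 digest matches the one listed in update metadata, and the check fails closed when no usable checksum is present. The metadata layout, field names and sample bytes are assumptions constructed for illustration, and the metadata itself is assumed to have been obtained over an authenticated channel.

```python
import base64
import hashlib
import hmac

# Constructed sample data: a stand-in plugin archive and update metadata.
# The layout ("plugins" -> name -> base64 "sha256") is assumed for illustration.
GENUINE = b"PK\x03\x04 constructed plugin archive contents"
TAMPERED = GENUINE + b" plus bytes altered in transit"
METADATA = {
    "plugins": {
        "example-plugin": {
            "version": "1.0",
            "sha256": base64.b64encode(hashlib.sha256(GENUINE).digest()).decode(),
        }
    }
}


def verify_plugin(data: bytes, metadata: dict, name: str) -> bool:
    """Return True only if `data` matches the digest recorded for `name`.

    Fails closed: a missing entry, missing checksum, malformed base64 or
    wrong-length digest all reject the file instead of skipping the check.
    """
    try:
        encoded = metadata["plugins"][name]["sha256"]
        expected = base64.b64decode(encoded, validate=True)
    except (KeyError, TypeError, ValueError):
        return False
    if len(expected) != hashlib.sha256().digest_size:
        return False
    actual = hashlib.sha256(data).digest()
    # Constant-time comparison of the two raw digests.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for label, blob in (("genuine", GENUINE), ("tampered", TAMPERED)):
        verdict = "install" if verify_plugin(blob, METADATA, "example-plugin") else "reject"
        print(f"{label}: {verdict}")
```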