Cloudbees · Jenkins · CVE-2015-5317
**Name of the Vulnerable Software and Affected Versions**
Jenkins versions prior to 1.638
Jenkins LTS versions prior to 1.625.2
**Description**
The issue allows remote attackers to obtain sensitive job and build name information via a direct request to the Fingerprints pages. This is an information disclosure vulnerability related to the Jenkins User Interface.
**Recommendations**
For Jenkins versions prior to 1.638, update to version 1.638 or later.
For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.