CVE-2015-5318 in CloudBees Jenkinsinfo

Summary

CloudBees Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism via a brute force attack.

Reservation

07/01/2015

Disclosure

11/25/2015

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
79319CloudBees Jenkins Salt Cookie cross-site request forgery352Not definedOfficial fixCVE-2015-5318

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!