CVE-2015-5326: XSS
First published: Mon Nov 16 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/Jenkins | <1.638 | 1.638 |
| redhat/Jenkins | <1.625.2 | 1.625.2 |
| Jenkins LTS | <=1.637 | |
| Red Hat OpenShift | <=3.1 | |
| Red Hat OpenShift | =2.0 | |
| Jenkins LTS | <=1.625.1 | |
| maven/org.jenkins-ci.main:jenkins-core | >=1.626<1.638 | 1.638 |
| maven/org.jenkins-ci.main:jenkins-core | <1.625.2 | 1.625.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
- https://access.redhat.com/errata/RHSA-2016:0070
- https://rhn.redhat.com/errata/RHSA-2016-0489.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1282369
- http://rhn.redhat.com/errata/RHSA-2016-0489.html
- https://nvd.nist.gov/vuln/detail/CVE-2015-5326
- https://github.com/jenkinsci/jenkins/commit/abe561499bbba2e725804c1117fc957028bbd608
- https://github.com/advisories/GHSA-5mwr-jg3r-jv66 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2015-5326?
CVE-2015-5326 is rated as a moderate severity vulnerability.
How do I fix CVE-2015-5326?
To fix CVE-2015-5326, upgrade Jenkins to version 1.638 or later, or LTS to 1.625.2 or later.
What type of vulnerability is CVE-2015-5326?
CVE-2015-5326 is a cross-site scripting (XSS) vulnerability.
Who is affected by CVE-2015-5326?
CVE-2015-5326 affects remote authenticated users with specific permissions in Jenkins.
What specific software versions are affected by CVE-2015-5326?
CVE-2015-5326 affects Jenkins versions before 1.638 and LTS versions before 1.625.2.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-5326
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-5mwr-jg3r-jv66
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- agent/source
- agent/tags
- collector/github-advisory
- package-manager/redhat
- vendor/jenkins
- canonical/jenkins lts
- version/jenkins lts/1.637
- vendor/redhat
- canonical/red hat openshift
- version/red hat openshift/3.1
- version/red hat openshift/2.0
- version/jenkins lts/1.625.1
- package-manager/maven