CVE-2015-7539
PUBLISHED
Reported by redhat · Published February 3, 2016
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, *, n/a |
| Maven | org.jenkins-ci.main:jenkins-core | 0, 0 |
Timeline
- Feb 3, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- x_refsource_CONFIRM
- RHSA-2016:0489 vendor-advisory x_refsource_REDHAT
- RHSA-2016:0070 vendor-advisory x_refsource_REDHAT
- https://nvd.nist.gov/vuln/detail/CVE-2015-7539 advisory
- https://github.com/advisories/GHSA-x274-9m9r-fm5g advisory
- https://github.com/jenkinsci/jenkins/commit/11479a2cc0a322a6bcd7e65667f3d24aa4d444bb patch
- https://github.com/jenkinsci/jenkins/commit/97adb71aa4509f91e408a16ba312e817ec015cf4 patch
- https://github.com/jenkinsci/jenkins/commit/9ec88357a354d8354728cc06e2b8c8b68aee58bf patch
- https://github.com/jenkinsci/jenkins/commit/c158648afa8888bc49ac337c973d4e4bc050118e patch
- https://github.com/jenkinsci/jenkins/commit/f99cb46e06f394637067730a82f46bddc3567295 patch
- https://github.com/jenkinsci/jenkins url