CVE-2015-7537

MEDIUM

Description

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

References

http://rhn.redhat.com/errata/RHSA-2016-0489.html

https://access.redhat.com/errata/RHSA-2016:0070

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Details

Source: MITRE

Published: 2016-02-03

Updated: 2016-06-14

Type: CWE-352

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH