NVD

Id
28087  
Name
CVE-2015-7539  
Description
The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-02-03  
Modified Date
2016-06-13  
Seq
2015-7539  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
147491 28087 CVE-2015-7539 RHSA-2016:0489  View
147492 28087 CVE-2015-7539 RHSA-2016:0070  View
147493 28087 CVE-2015-7539 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11595 JVNDB-2015-006915 CloudBees Jenkins の Plugins Manager における任意のコードを実行される脆弱性 CloudBees Jenkins の Plugins Manager は、アップデートサイトのデータ内で参照されるプラグインファイルのチェックサムを検証しないため、任意のコードを実行される脆弱性が存在します。 CVE-2015-7539 84764 CVE-2015-7539 28087 7.6 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-006915.html 2015-12-09 2016-03-07 View