CISA Known Exploited Vulnerability

CVE-2015-5317

Jenkins · Jenkins User Interface (UI)

Jenkins User Interface (UI) Information Disclosure Vulnerability

Date added 2023-05-12

BOD 22-01 due date 2023-06-02

CWE CWE-200

Ransomware Unknown

CISA description

Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages.

Required action

Apply updates per vendor instructions.

Notes & references

https://www.jenkins.io/security/advisory/2015-11-11/
https://nvd.nist.gov/vuln/detail/CVE-2015-5317

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2015-5317
CVE.org · CVE-2015-5317
CISA KEV catalog (canonical)