What is CVE-2015-7537?

CVE-2015-7537 is a high-severity vulnerability in Jenkins, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-02-03.

How severe is CVE-2015-7537?

High severity. CVSS v3 base score is 8.8 out of 10.

CSRF in Jenkins

CVE-2015-7537

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.004 (60.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Jenkins
Redhat Openshift — versions 2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2016:0489 (x_refsource_REDHAT, vendor-advisory)
RHSA-2016:0070 (x_refsource_REDHAT, vendor-advisory)

Frequently asked questions

What is CVE-2015-7537?: CVE-2015-7537 is a high-severity vulnerability in Jenkins, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2016-02-03.
How severe is CVE-2015-7537?: High severity. CVSS v3 base score is 8.8 out of 10.