CVE-2015-7537: Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack

May 13, 2022 (updated March 13, 2025)

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

References

access.redhat.com/errata/RHSA-2016:0070
github.com/advisories/GHSA-3vhr-f5xr-8vpx
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/40a28999e221a209212c30586be9c39049510bd1
nvd.nist.gov/vuln/detail/CVE-2015-7537
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-12-09

Code Behaviors & Features

Detect and mitigate CVE-2015-7537 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →