CVE-2015-1806 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1844.html

https://access.redhat.com/errata/RHSA-2016:0070

https://bugzilla.redhat.com/show_bug.cgi?id=1205620

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

Related Vulnerabilities

CVE-2020-2206 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder

CVE-2016-3092 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2019-10293 Vulnerability in maven package org.jenkins-ci.plugins:kmap-jenkins

CVE-2023-26136 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

Severity

Critical

Classification

CWE-264