Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2022-46684 Vulnerability in maven package com.checkmarx.jenkins:checkmarx
CVE-2022-36099 Vulnerability in maven package org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
CVE-2020-2270 Vulnerability in maven package org.jenkins-ci.plugins:clearcase-release
CVE-2019-10431 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2011-3376 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core