Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2016-8747 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2017-7957 Vulnerability in maven package xstream:xstream
CVE-2018-1999020 Vulnerability in maven package org.onosproject:onos-core-common
CVE-2023-25499 Vulnerability in maven package com.vaadin:flow-server
CVE-2019-17573 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http