Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:sort-connector-base
CVE-2019-10414 Vulnerability in maven package de.wellnerbou.jenkins:git-changelog
CVE-2019-17632 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2016-0714 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2022-42252 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core