Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2017-1000089 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-build-step
CVE-2022-25598 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-dist
CVE-2022-41246 Vulnerability in maven package org.jenkins-ci.plugins:ws-execution-manager
CVE-2023-24438 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps