Description

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Remediation

References

CVE-2015-1806

Related Vulnerabilities

phpBB CVE-2008-6507 Vulnerability (CVE-2008-6507)

WordPress Plugin KJM Admin Notices Cross-Site Scripting (2.0.1)

WordPress Plugin Disqus Comment System Multiple Cross-Site Request Forgery Vulnerabilities (2.77)

Apache HTTP Server Other Vulnerability (CVE-2001-1072)

WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Security Bypass (1.2.35.1)

Severity

Medium

Classification

CVE-2015-1806 CWE-264

Tags

Missing Update Known Vulnerabilities