Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
Related Vulnerabilities
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16397)
PHP4 IMAP module buffer overflow vulnerability
WordPress Plugin All-in-One Event Calendar Cross-Site Scripting (2.5.38)
WordPress Plugin Show-Hide/Collapse-Expand Cross-Site Scripting (1.2.5)
WordPress Plugin 3DPrint Cross-Site Request Forgery (3.5.4.7)