Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.

Remediation

References

Related Vulnerabilities

Atlassian Jira Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-26086)

WordPress Plugin BulletProof Security Cross-Site Scripting (.53.3)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Unspecified Vulnerability (1.6.5)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-2829)

Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-9937)

Severity

Medium

Classification

CVE-2015-1810 CWE-264

Tags

Missing Update Known Vulnerabilities