CVE-2015-1806
EPSS 0.64%Jenkins allows for Privilege Escalation by Remote Authenticated Users
發布日:2022/5/17修改日:2025/3/13
描述
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
受影響套件(1)
- Maven/org.jenkins-ci.main:jenkins-core>= 1.597, < 1.600
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-1806
- PATCHhttps://github.com/jenkinsci/jenkins
- WEBhttp://rhn.redhat.com/errata/RHSA-2015-1844.html
- WEBhttps://access.redhat.com/errata/RHSA-2016:0070
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1205620
- WEBhttps://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27