CVE-2015-1810
EPSS 0.43%
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
Published: 2022/5/17 Modified: 2025/3/13
Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Affected packages (1)
- Maven/org.jenkins-ci.main:jenkins-core >= 1.597, < 1.600
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2015-1810
- PATCH: https://github.com/jenkinsci/jenkins
- WEB: http://rhn.redhat.com/errata/RHSA-2015-1844.html
- WEB: https://access.redhat.com/errata/RHSA-2016:0070
- WEB: https://bugzilla.redhat.com/show_bug.cgi?id=1205627
- WEB: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27