PT-2015-5449 · Cloudbees+1 · Jenkins

Daniel Beck

·

Publicado

2015-10-16

·

Atualizado

2022-05-17

·

CVE-2015-1806

CVSS v2.0

6.5

Média

VetorAV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.600 Jenkins LTS versions prior to 1.596.1
Description The issue allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master. This is due to a problem in the combination filter Groovy script.
Recommendations For versions prior to 1.600, update to version 1.600 or later. For LTS versions prior to 1.596.1, update to version 1.596.1 or later.

Correção

Incorrect Privilege Assignment

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-266

Identificadores relacionados

CVE-2015-1806
GHSA-MM9C-4CV4-7RFV
RHSA-2015:1844
RHSA-2016:0070

Produtos afetados

Jenkins