Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
https://access.redhat.com/errata/RHSA-2016:0070
Related Vulnerabilities
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2023-46998 Vulnerability in maven package org.webjars.bower:bootbox
CVE-2015-0254 Vulnerability in maven package javax.servlet.jsp.jstl:jstl
CVE-2020-6427 Vulnerability in npm package electron
CVE-2019-1003035 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents