Description

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1844.html

https://access.redhat.com/errata/RHSA-2016:0070

https://bugzilla.redhat.com/show_bug.cgi?id=1205620

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

Related Vulnerabilities

CVE-2014-3600 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2023-29017 Vulnerability in npm package vm2

CVE-2018-1999031 Vulnerability in maven package org.jenkins-ci.plugins:meliora-testlab

CVE-2022-36894 Vulnerability in maven package org.jenkins-ci.plugins:clif-performance-testing

CVE-2021-32732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory