Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2014-3600 Vulnerability in maven package org.apache.activemq:apache-activemq
CVE-2023-29017 Vulnerability in npm package vm2
CVE-2018-1999031 Vulnerability in maven package org.jenkins-ci.plugins:meliora-testlab
CVE-2022-36894 Vulnerability in maven package org.jenkins-ci.plugins:clif-performance-testing
CVE-2021-32732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-administration-ui