Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2015-5346 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-37949 Vulnerability in maven package io.jenkins.plugins:macstadium-orka
CVE-2022-41237 Vulnerability in maven package com.groupon.jenkins-ci.plugins:dotci
CVE-2011-3375 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-2053 Vulnerability in maven package io.undertow:undertow-core