WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-1810 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1205627

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

http://rhn.redhat.com/errata/RHSA-2015-1844.html

https://access.redhat.com/errata/RHSA-2016:0070

Related Vulnerabilities

CVE-2022-43418 Vulnerability in maven package org.jenkins-ci.plugins:katalon

CVE-2023-29516 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui

CVE-2020-2283 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner

CVE-2023-50773 Vulnerability in maven package com.zintow:dingding-json-pusher

CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory