WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-1810 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1844.html

https://access.redhat.com/errata/RHSA-2016:0070

https://bugzilla.redhat.com/show_bug.cgi?id=1205627

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

Related Vulnerabilities

CVE-2020-2259 Vulnerability in maven package org.jenkins-ci.plugins:computer-queue-plugin

CVE-2021-41084 Vulnerability in maven package org.http4s:http4s-server_3

CVE-2018-1000055 Vulnerability in maven package org.jvnet.hudson.plugins:android-lint

CVE-2023-43498 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-2205 Vulnerability in maven package org.jenkins-ci.plugins:vncrecorder

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory