Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Related Vulnerabilities
CVE-2020-15092 Vulnerability in npm package @knight-lab/timelinejs
CVE-2012-0881 Vulnerability in maven package xerces:xercesimpl
CVE-2023-24459 Vulnerability in maven package org.jenkins-ci.plugins:bearychat
CVE-2018-7408 Vulnerability in npm package npm
CVE-2016-4431 Vulnerability in maven package org.apache.struts:struts2-core