Description
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Remediation
Upgrade to Jenkins 1.600 or later, or to LTS 1.596.1 or later, the first versions the description identifies as not affected.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1205627
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070