Description
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Remediation
References
Related Vulnerabilities
Drupal Core 8.6.x Directory Traversal (8.6.0 - 8.6.15)
WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)
WordPress Plugin Advanced Text Widget 'page' Parameter Cross-Site Scripting (2.0.0)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-4042)