WEB APPLICATION VULNERABILITIES Standard & Premium

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)

Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.

Remediation

References

Related Vulnerabilities

WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Security Bypass (4.16)

ownCloud Files or Directories Accessible to External Parties Vulnerability (CVE-2015-4715)

WordPress Plugin WP Simple Login Registration Cross-Site Scripting (1.0.2)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)

MySQL CVE-2024-21199 Vulnerability (CVE-2024-21199)

Severity

Medium

Classification

CVE-2015-1810 CWE-264

Tags

Missing Update Known Vulnerabilities