Jenkins allows for Privilege Escalation by Remote Authenticated Users

GHSA-mm9c-4cv4-7rfv · CVE-2015-1806

Published May 17, 2022 · Modified Mar 13, 2025

Description

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-1806
WEB https://access.redhat.com/errata/RHSA-2016:0070
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1205620
PACKAGE https://github.com/jenkinsci/jenkins
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
WEB http://rhn.redhat.com/errata/RHSA-2015-1844.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes