CVE-2015-1806: Incorrect Privilege Assignment in Jenkins

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.6% (top 29.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 17

Description

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 8.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: jenkins/jenkins 1.580.3 +1

🔴 Vulnerability Details (3)

OSV: Jenkins allows for Privilege Escalation by Remote Authenticated Users (2022-05-17)
GHSA: Jenkins allows for Privilege Escalation by Remote Authenticated Users (2022-05-17)
CVEList: CVE-2015-1806: The combination filter Groovy script in Jenkins before 1 (2015-10-16)

📋 Vendor Advisories (1)

Red Hat: jenkins: Combination filter Groovy script unsecured (SECURITY-125) (2015-02-27)

💬 Community (2)

Bugzilla: CVE-2015-1806 CVE-2015-1807 CVE-2015-1813 CVE-2015-1812 CVE-2015-1811 CVE-2015-1810 CVE-2015-1808 CVE-2015-1809 CVE-2015-1814 jenkins: various flaws [fedora-all] (2015-03-25)
Bugzilla: CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) (2015-03-25)