VDB
CVE-2015-1810
CVE-2015-1810
PUBLISHED
Reported by redhat · Published October 16, 2015
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| Maven | org.jenkins-ci.main:jenkins-core | 1.597, 1.597 |
| n/a | n/a | *, *, n/a |
Timeline
- Oct 16, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
References
- RHSA-2016:0070 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- RHSA-2015:1844 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2015-1810 advisory
- https://github.com/advisories/GHSA-37wm-28rm-56vw advisory
- https://github.com/jenkinsci/jenkins url