CVE-2015-1806 – org.jenkins-ci.main:jenkins-core

Package

Manager: maven
Name: org.jenkins-ci.main:jenkins-core
Vulnerable Version: >=1.597 <1.600 || >=0 <1.596.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00541 pctl0.66673

Details

Jenkins allows for Privilege Escalation by Remote Authenticated Users The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Metadata

Created: 2022-05-17T03:53:32Z
Modified: 2025-03-13T19:15:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mm9c-4cv4-7rfv/GHSA-mm9c-4cv4-7rfv.json
CWE IDs: ["CWE-266"]
Alternative ID: GHSA-mm9c-4cv4-7rfv
Finding: F005
Auto approve: 1