← Retour aux CVEs
CVE-2015-1810
N/ADescription
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
Details CVE
Score CVSS v3.1N/A
Publie10/16/2015
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
jenkins:jenkinsredhat:openshift
Faiblesses (CWE)
CWE-264
References
http://rhn.redhat.com/errata/RHSA-2015-1844.html(secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2016:0070(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1205627(secalert@redhat.com)
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27(secalert@redhat.com)
http://rhn.redhat.com/errata/RHSA-2015-1844.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2016:0070(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1205627(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.