Home

CVE-2015-1810

Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the Jenkins own user database setting, which allows remote attackers to gain privileges by creating a reserved name.

Risk Information

Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.433

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Jenkins 1.599Windows
Vulnerabilities CVE-2015-1811,CVE-2015-1809,CVE-2015-1810,CVE-2015-1806,CVE-2015-1808 are fixed in Jenkins-Core 1.600Windows
Vulnerabilities CVE-2015-1811,CVE-2015-1809,CVE-2015-1810,CVE-2015-1806,CVE-2015-1808 are fixed in Jenkins-Core 1.596.1Windows
Multiple vulnerabilities affected in Jenkins 1.599 (For Ubuntu)Linux
Multiple vulnerabilities affected in Jenkins 1.599 (For Debian)Linux
Multiple vulnerabilities affected in Jenkins 1.599 (For Centos)Linux
Multiple vulnerabilities affected in Jenkins 1.599 (For RedHat)Linux
Multiple vulnerabilities affected in Jenkins 1.599 (For Suse)Linux
Vulnerabilities CVE-2015-1811,CVE-2015-1809,CVE-2015-1810,CVE-2015-1806,CVE-2015-1808 are fixed in Jenkins-Core for Linux 1.600Linux
Vulnerabilities CVE-2015-1811,CVE-2015-1809,CVE-2015-1810,CVE-2015-1806,CVE-2015-1808 are fixed in Jenkins-Core for Linux 1.596.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234