CVE-2015-1806
Jenkins < 1.600 and LTS < 1.596.1 - Authenticated Remote Code Execution via Combination Filter Groovy Script
Title source: llmDescription
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
References (4)
Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2016:0070
Vendor Advisory x_refsource_confirm
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1844.html
Scores
EPSS
0.0064
EPSS Percentile
70.8%
Details
CWE
CWE-264
Status
published
Products (4)
jenkins/jenkins
< 1.580.3
jenkins/jenkins
< 1.599
org.jenkins-ci.main/jenkins-core
1.597 - 1.600Maven
redhat/openshift
< 3.1
Published
Oct 16, 2015
Tracked Since
Feb 18, 2026