The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-10-16T20:00:00

Updated: 2024-08-06T04:54:16.404Z

Reserved: 2015-02-17T00:00:00

Link: CVE-2015-1810

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2015-10-16T20:59:08.717

Modified: 2016-06-15T14:35:39.260

Link: CVE-2015-1810

Redhat

Severity: Moderate

Public Date: 2015-02-27T00:00:00Z

Links: CVE-2015-1810 - Bugzilla