Lucene search
HistoryOct 16, 2015 - 8:59 p.m.
CVE-2015-1806
cve-2015-1806
jenkins
security
remote code execution
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.3%
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Affected configurations
Node
jenkinsjenkinsRange≤1.580.3lts
Node
jenkinsjenkinsRange≤1.599
Node
redhatopenshiftRange≤3.1enterprise
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:jenkins | jenkins | le | 1.580.3 |
Related
openvas
openvas
Fedora Update for jenkins-script-security-plugin FEDORA-2015-5637
2015-04-19 00:00:00
Fedora Update for jenkins-matrix-project-plugin FEDORA-2015-5637
2015-04-19 00:00:00
Fedora Update for groovy-sandbox FEDORA-2015-5643
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: groovy-sandbox-1.8-1.fc22
2015-04-21 19:23:30
[SECURITY] Fedora 21 Update: jenkins-script-security-plugin-1.13-2.fc21
2015-04-18 09:44:25
[SECURITY] Fedora 21 Update: groovy-sandbox-1.8-1.fc21
2015-04-18 09:44:25
nessus
nessus
Fedora 21 : jenkins-script-security-plugin-1.13-2.fc21 / groovy-sandbox-1.8-1.fc21 / etc (2015-5637)
2015-04-20 00:00:00
Fedora 22 : jenkins-matrix-project-plugin-1.4.1-1.fc22 / jenkins-script-security-plugin-1.13-2.fc22 / etc (2015-5643)
2015-04-22 00:00:00
RHEL 6 : Red Hat OpenShift Enterprise 2.2.7 (RHSA-2015:1844)
2018-12-04 00:00:00
ubuntucve
ubuntucve
CVE-2015-1806
2015-10-16 00:00:00
nvd
nvd
CVE-2015-1806
2015-10-16 20:59:04
cvelist
cvelist
CVE-2015-1806
2015-10-16 20:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:07:48
Man-In-The-Middle (MitM)
2019-05-02 05:21:35
Path Traversal
2019-05-02 05:21:26
prion
prion
Design/Logic Flaw
2015-10-16 20:59:00
redhat
redhat
f5
f5
K17455 : Multiple Jenkins vulnerabilities
2015-10-16 00:00:00
SOL17455 - Multiple Jenkins vulnerabilities
2015-10-16 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.3%
Related for CVE-2015-1806