7.8 High
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
77.2%
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
rhn.redhat.com/errata/RHSA-2015-1844.html
access.redhat.com/errata/RHSA-2016:0070
bugzilla.redhat.com/show_bug.cgi?id=1205620
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27