Lucene search

Veracode Vulnerability DatabaseVERACODE:16488

HistoryMay 02, 2019 - 5:18 a.m.

Privilege Escalation

2019-05-0205:18:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

JSON

jenkins is vulnerable to privilege escalation. Access to reserved names are not restricted in the HudsonPrivateSecurityRealm class when using jenkins’ user database, which allows remote attackers to gain privileges by creating a reserved name.

CPENameOperatorVersion
openshift-origin-cartridge-diyeq0.4.8__1.1.el6op
openshift-origin-cartridge-diyeq1.21.3.1__1.el6op
openshift-origin-cartridge-diyeq1.24.1.0__1.el6op
openshift-origin-cartridge-diyeq1.16.1__2.el6op
rubygem-openshift-origin-nodeeq1.23.9.14__1.el6op
rubygem-openshift-origin-nodeeq1.23.9.15__1.el6op
rubygem-openshift-origin-nodeeq1.35.4.2__1.el6op
rubygem-openshift-origin-nodeeq1.9.14.5__1.el6op
rubygem-openshift-origin-nodeeq1.36.2.2__1.el6op
rubygem-openshift-origin-nodeeq1.9.14.7__1.el6op

Name	Operator	Version
openshift-origin-cartridge-diy	eq	0.4.8__1.1.el6op
openshift-origin-cartridge-diy	eq	1.21.3.1__1.el6op
openshift-origin-cartridge-diy	eq	1.24.1.0__1.el6op
openshift-origin-cartridge-diy	eq	1.16.1__2.el6op
rubygem-openshift-origin-node	eq	1.23.9.14__1.el6op
rubygem-openshift-origin-node	eq	1.23.9.15__1.el6op
rubygem-openshift-origin-node	eq	1.35.4.2__1.el6op
rubygem-openshift-origin-node	eq	1.9.14.5__1.el6op
rubygem-openshift-origin-node	eq	1.36.2.2__1.el6op
rubygem-openshift-origin-node	eq	1.9.14.7__1.el6op

Rows per page:

1-10 of 7741

References

rhn.redhat.com/errata/RHSA-2015-1844.html

access.redhat.com/errata/RHSA-2016:0070

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1062253

bugzilla.redhat.com/show_bug.cgi?id=1128567

bugzilla.redhat.com/show_bug.cgi?id=1130028

bugzilla.redhat.com/show_bug.cgi?id=1138522

bugzilla.redhat.com/show_bug.cgi?id=1152524

bugzilla.redhat.com/show_bug.cgi?id=1160699

bugzilla.redhat.com/show_bug.cgi?id=1171815

bugzilla.redhat.com/show_bug.cgi?id=1191283

bugzilla.redhat.com/show_bug.cgi?id=1197123

bugzilla.redhat.com/show_bug.cgi?id=1197576

bugzilla.redhat.com/show_bug.cgi?id=1205627

bugzilla.redhat.com/show_bug.cgi?id=1216206

bugzilla.redhat.com/show_bug.cgi?id=1217572

bugzilla.redhat.com/show_bug.cgi?id=1221931

bugzilla.redhat.com/show_bug.cgi?id=1225943

bugzilla.redhat.com/show_bug.cgi?id=1226061

bugzilla.redhat.com/show_bug.cgi?id=1227501

bugzilla.redhat.com/show_bug.cgi?id=1228373

bugzilla.redhat.com/show_bug.cgi?id=1229300

bugzilla.redhat.com/show_bug.cgi?id=1232827

bugzilla.redhat.com/show_bug.cgi?id=1232921

bugzilla.redhat.com/show_bug.cgi?id=1241750

bugzilla.redhat.com/show_bug.cgi?id=1257757

bugzilla.redhat.com/show_bug.cgi?id=1264039

bugzilla.redhat.com/show_bug.cgi?id=1264210

bugzilla.redhat.com/show_bug.cgi?id=1264216

rhn.redhat.com/errata/RHSA-2015-1844.html

wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

4.6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

JSON

Related for VERACODE:16488