CVE-2015-1806

{"id": "CVE-2015-1806", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-10-16T20:59:04.527", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2016:0070", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", "source": "secalert@redhat.com"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2016:0070", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors."}, {"lang": "es", "value": "La secuencia de comandos del filtro de combinaci\u00f3n Groovy en Jenkins en versiones anteriores a 1.600 y LTS en versiones anteriores a 1.596.1 permite a usuarios remotos autenticados con permisos de configuraci\u00f3n de trabajo obtener privilegios y ejecutar c\u00f3digo arbitrario en el maestro a trav\u00e9s de vectores no especificados."}], "lastModified": "2024-11-21T02:26:11.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "87068B16-A915-42BE-AFF0-9B23EF1FD2A7", "versionEndIncluding": "1.580.3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB5428DD-A289-4554-8874-2EEB47DD72E9", "versionEndIncluding": "1.599"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D", "versionEndIncluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}