Описание
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
It was discovered that the internal Jenkins user database did not restrict access to reserved names, allowing users to escalate privileges.
Дополнительная информация
Статус:
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS b ...
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation
EPSS
4.6 Medium
CVSS2