The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2015-10-16T20:00:00
Updated: 2016-06-09T15:57:01
Reserved: 2015-02-17T00:00:00
Link: CVE-2015-1810
JSON object: View
NVD Information
Status : Analyzed
Published: 2015-10-16T20:59:08.717
Modified: 2016-06-15T14:35:39.260
Link: CVE-2015-1810
JSON object: View
Redhat Information
No data.
CWE