What is the severity of CVE-2015-1806?

CVE-2015-1806 is a high-severity vulnerability that allows remote authenticated users to execute arbitrary code on the Jenkins master.

How do I fix CVE-2015-1806?

To fix CVE-2015-1806, upgrade Jenkins to version 1.600 or later, or 1.596.1 for LTS versions.

What permissions are required to exploit CVE-2015-1806?

Exploitation of CVE-2015-1806 requires remote authenticated users to have job configuration permissions.

What versions of Jenkins are affected by CVE-2015-1806?

CVE-2015-1806 affects Jenkins versions prior to 1.600 and LTS versions before 1.596.1.

What type of attack can be performed using CVE-2015-1806?

CVE-2015-1806 allows for arbitrary code execution on the Jenkins master, potentially leading to complete system compromise.

Vulnerability/
CVE-2015-1806

medium

6.5

CWE

264

25/3/2015

16/10/2015

15/6/2016

CVE-2015-1806

First published: Wed Mar 25 2015(Updated: )

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/Jenkins	<1.600	1.600
redhat/Jenkins	<1.596.1	1.596.1
Jenkins LTS	<=1.580.3
Jenkins LTS	<=1.599
Red Hat OpenShift	<=3.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-1806?
CVE-2015-1806 is a high-severity vulnerability that allows remote authenticated users to execute arbitrary code on the Jenkins master.
How do I fix CVE-2015-1806?
To fix CVE-2015-1806, upgrade Jenkins to version 1.600 or later, or 1.596.1 for LTS versions.
What permissions are required to exploit CVE-2015-1806?
Exploitation of CVE-2015-1806 requires remote authenticated users to have job configuration permissions.
What versions of Jenkins are affected by CVE-2015-1806?
CVE-2015-1806 affects Jenkins versions prior to 1.600 and LTS versions before 1.596.1.
What type of attack can be performed using CVE-2015-1806?
CVE-2015-1806 allows for arbitrary code execution on the Jenkins master, potentially leading to complete system compromise.

agent/type
agent/first-publish-date
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/severity
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-1806
agent/software-canonical-lookup
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/jenkins
canonical/jenkins lts
version/jenkins lts/1.580.3
version/jenkins lts/1.599
vendor/redhat
canonical/red hat openshift
version/red hat openshift/3.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.