CVE-2015-1810 Vulnerability Details

  /     /     /  

CVE-2015-1810 Metadata Quick Info

CVE Published: 16/10/2015 | CVE Updated: 06/08/2024 | CVE Year: 2015
Source: redhat | Vendor: n/a | Product: n/a
Status : PUBLISHED

---

CVE-2015-1810 Description

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins\' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).