Jenkins is vulnerable to privilege escalation. Access to reserved names is not restricted in the HudsonPrivateSecurityRealm
class when using Jenkins' user database, which allows remote attackers to gain privileges by creating a reserved name.
rhn.redhat.com/errata/RHSA-2015-1844.html
access.redhat.com/errata/RHSA-2016:0070
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1062253
bugzilla.redhat.com/show_bug.cgi?id=1128567
bugzilla.redhat.com/show_bug.cgi?id=1130028
bugzilla.redhat.com/show_bug.cgi?id=1138522
bugzilla.redhat.com/show_bug.cgi?id=1152524
bugzilla.redhat.com/show_bug.cgi?id=1160699
bugzilla.redhat.com/show_bug.cgi?id=1171815
bugzilla.redhat.com/show_bug.cgi?id=1191283
bugzilla.redhat.com/show_bug.cgi?id=1197123
bugzilla.redhat.com/show_bug.cgi?id=1197576
bugzilla.redhat.com/show_bug.cgi?id=1205627
bugzilla.redhat.com/show_bug.cgi?id=1216206
bugzilla.redhat.com/show_bug.cgi?id=1217572
bugzilla.redhat.com/show_bug.cgi?id=1221931
bugzilla.redhat.com/show_bug.cgi?id=1225943
bugzilla.redhat.com/show_bug.cgi?id=1226061
bugzilla.redhat.com/show_bug.cgi?id=1227501
bugzilla.redhat.com/show_bug.cgi?id=1228373
bugzilla.redhat.com/show_bug.cgi?id=1229300
bugzilla.redhat.com/show_bug.cgi?id=1232827
bugzilla.redhat.com/show_bug.cgi?id=1232921
bugzilla.redhat.com/show_bug.cgi?id=1241750
bugzilla.redhat.com/show_bug.cgi?id=1257757
bugzilla.redhat.com/show_bug.cgi?id=1264039
bugzilla.redhat.com/show_bug.cgi?id=1264210
bugzilla.redhat.com/show_bug.cgi?id=1264216
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27