Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2015-1806

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.

Published: Oct 16, 2015
Updated: Nov 9, 2025
CVE: CVE-2015-1806
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	1.580.3.x
jenkins / jenkins	-	1.599.x
redhat / openshift	-	3.1.x

http://rhn.redhat.com/errata/RHSA-2015-1844.html
https://access.redhat.com/errata/RHSA-2016:0070
https://bugzilla.redhat.com/show_bug.cgi?id=1205620
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo