Description

Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

Remediation

References

CVE-2014-3665

Related Vulnerabilities

WordPress Plugin Smooth Slider SQL Injection (2.8.6)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33361)

WordPress Plugin WordPress Calls to Action Multiple Vulnerabilities (2.3.7)

Python Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-28359)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4309)

Severity

Medium

Classification

CVE-2014-3665 CWE-264

Tags

Missing Update Known Vulnerabilities