Description

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

Remediation

References

CVE-2016-3721

Related Vulnerabilities

Moodle Improper Access Control Vulnerability (CVE-2016-8642)

MySQL Use of Externally-Controlled Format String Vulnerability (CVE-2008-3963)

Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)

MySQL CVE-2020-2627 Vulnerability (CVE-2020-2627)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)

Severity

Medium

Classification

CVE-2016-3721 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities