Description
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
Remediation
References
Related Vulnerabilities
PHP Improper Access Control Vulnerability (CVE-2015-8838)
WordPress Plugin HyperComments Arbitrary File Deletion (1.2.2)
WordPress 4.7 Multiple Vulnerabilities (4.7)
WordPress Plugin Auto Prune Posts Cross-Site Request Forgery (1.8.0)
WordPress Plugin WordPress Simple Shop Cross-Site Scripting (1.2)