Description
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Remediation
References
Related Vulnerabilities
WordPress Plugin Afterpay Gateway for WooCommerce Cross-Site Scripting (3.2.0)
MySQL Other Vulnerability (CVE-2016-0705)
WordPress Plugin Tooltipy (tooltips for WP) Multiple Vulnerabilities (5.0.2)
SharePoint Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3895)
WordPress Plugin Social Sharing Toolkit Cross-Site Scripting (2.1.1)