Description
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Remediation
References
Related Vulnerabilities
WordPress Plugin Answer My Question Cross-Site Scripting (1.3)
WordPress Plugin Count per Day Information Disclosure (3.2.5)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-4360)
WordPress Plugin Social Share Buttons-Social Pug Cross-Site Scripting (1.2.5)