Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

Remediation

References

CVE-2014-3666

Related Vulnerabilities

PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-4782)

Internet Information Services Other Vulnerability (CVE-2002-0148)

Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-8446)

Mailman Other Vulnerability (CVE-2000-0861)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2004-0079)

Severity

High

Classification

CVE-2014-3666 CWE-94

Tags

Missing Update Known Vulnerabilities