Description

Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

Remediation

References

CVE-2014-3665

Related Vulnerabilities

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3400)

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

WordPress Plugin CMS Tree Page View Cross-Site Request Forgery (1.2.4)

Oracle JRE CVE-2020-2754 Vulnerability (CVE-2020-2754)

Oracle JRE CVE-2012-5079 Vulnerability (CVE-2012-5079)

Severity

Medium

Classification

CVE-2014-3665 CWE-264

Tags

Missing Update Known Vulnerabilities