Description
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Remediation
References
Related Vulnerabilities
Jenkins Improper Input Validation Vulnerability (CVE-2021-21639)
WordPress Plugin Social Share Buttons-Social Pug Multiple Unspecified Vulnerabilities (1.3.1)
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)