Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

Remediation

References

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

https://access.redhat.com/errata/RHSA-2016:0070

Related Vulnerabilities

CVE-2018-17145 Vulnerability in npm package bcoin

CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common

CVE-2022-43416 Vulnerability in maven package org.jenkins-ci.plugins:katalon

CVE-2023-37944 Vulnerability in maven package org.datadog.jenkins.plugins:datadog

CVE-2020-6423 Vulnerability in npm package electron

Severity

Critical

Classification

CWE-94

Tags

Vendor Advisory