Description
Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2016-0489.html
https://access.redhat.com/errata/RHSA-2016:0070
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
Related Vulnerabilities
CVE-2018-8042 Vulnerability in maven package org.apache.ambari:ambari-agent
CVE-2013-4322 Vulnerability in maven package org.apache.tomcat:coyote
CVE-2020-1717 Vulnerability in maven package org.keycloak:keycloak-parent
CVE-2017-7669 Vulnerability in maven package org.apache.hadoop:hadoop-common
CVE-2019-10077 Vulnerability in maven package org.apache.jspwiki:jspwiki-main