Description
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
Remediation
References
Related Vulnerabilities
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5652)
WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)
Owncloud Cross-site Scripting (XSS) Vulnerability (CVE-2020-16255)
WordPress Plugin bbPress Like Button SQL Injection (1.5)
Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)