Description

Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

Remediation

References

CVE-2014-3665

Related Vulnerabilities

WordPress Plugin Contact Form Email Information Disclosure (1.2.66)

MySQL CVE-2019-2920 Vulnerability (CVE-2019-2920)

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143)

WordPress Plugin WP User-Custom Registration Forms, Login and User Profile Multiple Vulnerabilities (7.0)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)

Severity

Medium

Classification

CVE-2014-3665 CWE-264

Tags

Missing Update Known Vulnerabilities