CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.02 Low
Percentile: 88.9%
Jenkins prior to 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CPE
Name | Operator | Version |
---|---|---|
org.jenkins-ci.main:jenkins-core | lt | 1.587 |
access.redhat.com/errata/RHBA-2014:1630
access.redhat.com/security/cve/CVE-2014-3665
bugzilla.redhat.com/show_bug.cgi?id=1147767
github.com/advisories/GHSA-66cr-6whx-732p
nvd.nist.gov/vuln/detail/CVE-2014-3665
wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30