Jenkins improperly ensures trust separation

2022-05-1703:53:35

Google

osv.dev

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

Jenkins prior to 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

CPENameOperatorVersion
org.jenkins-ci.main:jenkins-coreeq1.500
org.jenkins-ci.main:jenkins-coreeq1.488
org.jenkins-ci.main:jenkins-coreeq1.442
org.jenkins-ci.main:jenkins-coreeq1.571
org.jenkins-ci.main:jenkins-coreeq1.424
org.jenkins-ci.main:jenkins-coreeq1.581
org.jenkins-ci.main:jenkins-coreeq1.510
org.jenkins-ci.main:jenkins-coreeq1.456
org.jenkins-ci.main:jenkins-coreeq1.509.4
org.jenkins-ci.main:jenkins-coreeq1.498

Name	Operator	Version
org.jenkins-ci.main:jenkins-core	eq	1.500
org.jenkins-ci.main:jenkins-core	eq	1.488
org.jenkins-ci.main:jenkins-core	eq	1.442
org.jenkins-ci.main:jenkins-core	eq	1.571
org.jenkins-ci.main:jenkins-core	eq	1.424
org.jenkins-ci.main:jenkins-core	eq	1.581
org.jenkins-ci.main:jenkins-core	eq	1.510
org.jenkins-ci.main:jenkins-core	eq	1.456
org.jenkins-ci.main:jenkins-core	eq	1.509.4
org.jenkins-ci.main:jenkins-core	eq	1.498