Fluid Attacks Database

Description

Jenkins allows for Code Execution via Crafted Packet to the CLI Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=1.566 <1.583 \|\| >=0 <1.565.3	1.583, 1.565.3

Aliases

1. CVE-2014-36662. NVD-2014-36663. OSV-2014-36664. GCVE-2014-36665. access.redhat.com

References

1. https://github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c322. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.