Fluid Attacks Database

Description

Jenkins Denial of Service vulnerability Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to cause a denial of service (thread consumption) via vectors related to a CLI handshake.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.jenkins-ci.main:jenkins-core	>=1.566 <1.583 \|\| >=0 <1.565.3	1.583, 1.565.3

Aliases

1. CVE-2014-36612. NVD-2014-36613. OSV-2014-36614. GCVE-2014-36615. access.redhat.com6. access.redhat.com7. ACCESS-CVE-2014-3661

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=11477582. https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.