Vulnerability Description
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CVSS Score
6.8
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jenkins | Jenkins | <= 1.586 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1147767
- https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+ControlVendor Advisory
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-3Vendor Advisory
- https://www.cloudbees.com/jenkins-security-advisory-2014-10-30Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1147767
- https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+ControlVendor Advisory
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-3Vendor Advisory
- https://www.cloudbees.com/jenkins-security-advisory-2014-10-30Vendor Advisory
FAQ
What is CVE-2014-3665?
CVE-2014-3665 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveragin...
How severe is CVE-2014-3665?
CVE-2014-3665 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3665?
Check the references section above for vendor advisories and patch information. Affected products include: Jenkins Jenkins.