Akshay Dayal

**Name of the Vulnerable Software and Affected Versions** Jenkins versions prior to 1.638 Jenkins LTS versions prior to 1.625.2 **Description** The issue arises from improper verification of the shared secret used in JNLP slave connections. This allows remote attackers to connect as slaves, potentially obtaining sensitive information or gaining administrative access if they have knowledge of a slave's name. **Recommendations** For Jenkins versions prior to 1.638, update to version 1.638 or later. For Jenkins LTS versions prior to 1.625.2, update to version 1.625.2 or later.