PT-2014-5443 · Cloudbees+1 · Jenkins

Stephen Connolly

·

Publicado

2014-10-16

·

Atualizado

2022-05-17

·

CVE-2014-3666

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3
Description The issue allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
Recommendations For Jenkins versions prior to 1.583, update to version 1.583 or later. For Jenkins LTS versions prior to 1.565.3, update to version 1.565.3 or later.

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2014-3666
GHSA-FVFH-8MJ3-23XJ
RHSA-2016:0070

Produtos afetados

Jenkins