CVE-2014-3666: Code Injection in Jenkins

CWE-94: Code Injection | 7 documents | 7 sources
Severity
7.5 HIGH (NVD)
EPSS
1.2%
top 20.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 16
Latest update: May 17

Description

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

NVD: jenkins/jenkins 1.582 +1

🔴 Vulnerability Details (3)

GHSA: Jenkins allows for Code Execution via Crafted Packet to the CLI (2022-05-17)
OSV: Jenkins allows for Code Execution via Crafted Packet to the CLI (2022-05-17)
CVEList: CVE-2014-3666: Jenkins before 1 (2014-10-16)

📋 Vendor Advisories (2)

Red Hat: jenkins: remote code execution flaw (SECURITY-150) (2014-10-02)
Jenkins: Jenkins Security Advisory 2014-10-01 (2014-10-01)

💬 Community (1)

Bugzilla: CVE-2014-3666 jenkins: remote code execution flaw (SECURITY-150) (2014-09-30)
CVE-2014-3666 — Code Injection in Jenkins | cvebase