CVE-2014-3665

Published: Nov 25, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

Affected (2)

Products: Jenkins: Jenkins

Jenkins

1 product

Jenkins

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.586

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Jenkins	Up to 1.565.3

Related CWEs

CWE-264

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1147767

Source: secalert@redhat.com

https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control

Source: secalert@redhat.com

Vendor Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30

Source: secalert@redhat.com

Vendor Advisory

https://www.cloudbees.com/jenkins-security-advisory-2014-10-30

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1147767

Source: af854a3a-2127-422b-91ae-364da2661108

https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cloudbees.com/jenkins-security-advisory-2014-10-30

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.