First published: Tue Sep 30 2014
Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Red Hat OpenShift | <=3.1 | |
Jenkins LTS | <=1.582 | |
Jenkins LTS | <=1.565.2 | |
maven/org.jenkins-ci.main:jenkins-core | <1.565.3 | 1.565.3 |
maven/org.jenkins-ci.main:jenkins-core | >=1.566<1.583 | 1.583 |
CVE-2014-3666 has a high severity rating as it allows unauthenticated remote code execution on Jenkins.
To address CVE-2014-3666, upgrade Jenkins to version 1.583 or later, or if using LTS, to version 1.565.3 or later.
CVE-2014-3666 affects Jenkins versions prior to 1.583 and Jenkins LTS versions prior to 1.565.3.
Mitigation for CVE-2014-3666 includes restricting network access to the CLI channel and requiring proper authentication and authorization for CLI access.
CVE-2014-3666 is a recognized vulnerability and is noted in various security advisories due to its potential for widespread impact.
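To turn the version thresholds above into an inventory check, here is an added example (not part of the advisory or of Jenkins itself). It reads the version Jenkins reports in its `X-Jenkins` response header from a constructed sample response and compares it against the fixed releases, treating three-component versions (e.g. 1.565.3) as LTS and two-component versions (e.g. 1.582) as weekly builds; the header-parsing helper and the sample response are assumptions made for the example.

```python
"""Flag Jenkins instances still below the CVE-2014-3666 fix versions."""
from typing import Optional, Tuple

# Fixed releases named in the advisory: weekly 1.583, LTS 1.565.3.
FIXED_WEEKLY = (1, 583)
FIXED_LTS = (1, 565, 3)


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.565.3' -> (1, 565, 3). Raises ValueError for non-numeric parts."""
    return tuple(int(part) for part in version.strip().split("."))


def is_lts(parsed: Tuple[int, ...]) -> bool:
    """Jenkins LTS releases carry a third component; weekly builds have two."""
    return len(parsed) == 3


def is_vulnerable(version: str) -> bool:
    """True when the version is below the relevant fix threshold."""
    parsed = parse_version(version)
    if is_lts(parsed):
        return parsed < FIXED_LTS
    return parsed < FIXED_WEEKLY


def version_from_response(raw: str) -> Optional[str]:
    """Extract the X-Jenkins header value from a raw HTTP response (assumed helper)."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-jenkins":
            return value.strip()
    return None


# Constructed sample response; not a capture from a real server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "X-Jenkins: 1.565.2\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
)


def check_response(raw: str) -> Optional[bool]:
    """None if no version header is present, else whether it is vulnerable."""
    version = version_from_response(raw)
    return None if version is None else is_vulnerable(version)


if __name__ == "__main__":
    print("vulnerable" if check_response(SAMPLE_RESPONSE) else "fixed")
```

Versions with non-numeric suffixes (snapshot or vendor builds) raise `ValueError` in `parse_version`, so wrap the call if such strings are expected in an inventory.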