CVE-2014-3665

Description

Jenkins prior to 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.

How to fix CVE-2014-3665

To remediate CVE-2014-3665, upgrade the affected package to a fixed version below.

• Maven/org.jenkins-ci.main:jenkins-core—upgrade to 1.587 or later

Is CVE-2014-3665 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.587

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-3665
• WEBaccess.redhat.com/errata/RHBA-2014:1630
• WEBaccess.redhat.com/security/cve/CVE-2014-3665
• WEBbugzilla.redhat.com/show_bug.cgi?id=1147767
• WEB