CVE-2014-3666: Jenkins allows for Code Execution via Crafted Packet to the CLI

May 17, 2022 (updated March 13, 2025)

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

References

access.redhat.com/errata/RHSA-2016:0070
github.com/advisories/GHSA-fvfh-8mj3-23xj
github.com/jenkinsci/jenkins
github.com/jenkinsci/jenkins/commit/be195b0e19343bff6d966029d8eea99b2c039c32
nvd.nist.gov/vuln/detail/CVE-2014-3666
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01

Code Behaviors & Features

Detect and mitigate CVE-2014-3666 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →