Security context
MediumGHSA-fvfh-8mj3-23xj CVE-2014-3666CWE-94Published May 17, 2022

Jenkins allows for Code Execution via Crafted Packet to the CLI

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

1.566 → fixed in 1.5830 → fixed in 1.565.3

Details

Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to execute arbitrary code via a crafted packet to the CLI channel.

The fix

[FIXED SECURITY-150]

Kohsuke Kawaguchi· Oct 1, 2014, 03:19 PM+44be195b0e19
core/src/main/java/hudson/Launcher.java+1 1
@@ -816,7 +816,7 @@ public Channel launchChannel(OutputStream out, ProcessBuilder pb) throws IOExcep
* Kill the process when the channel is severed.
*/
@Override
- protected synchronized void terminate(IOException e) {
+ public synchronized void terminate(IOException e) {
super.terminate(e);
ProcessTree pt = ProcessTree.get();
try {
core/src/main/java/hudson/slaves/Channels.java+2 2
@@ -73,7 +73,7 @@ public static Channel forProcess(String name, ExecutorService execService, Input
* Kill the process when the channel is severed.
*/
@Override
- protected synchronized void terminate(IOException e) {
+ public synchronized void terminate(IOException e) {
super.terminate(e);
try {
proc.kill();
@@ -109,7 +109,7 @@ public static Channel forProcess(String name, ExecutorService execService, final
* Kill the process when the channel is severed.
*/
@Override
- protected synchronized void terminate(IOException e) {
+ public synchronized void terminate(IOException e) {
super.terminate(e);
proc.destroy();
// the stderr copier should exit by itself
pom.xml+1 1
@@ -173,7 +173,7 @@ THE SOFTWARE.
<dependency>
<groupId>org.jenkins-ci.main</groupId>
<artifactId>remoting</artifactId>
- <version>2.32</version>
+ <version>2.46</version>
</dependency>
<dependency>

References