| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.main:jenkins-core | maven | >= 1.566, < 1.583 | 1.583 |
| org.jenkins-ci.main:jenkins-core | maven | < 1.565.3 | 1.565.3 |

The vulnerability stemmed from improper channel termination in Jenkins' CLI handling. The commit patching CVE-2014-3666 changed these methods' access modifiers from `protected` to `public`, enabling proper override behavior from the security-hardened remoting library (updated to v2.46). This allowed correct process termination on channel closure, preventing attackers from maintaining malicious connections. The direct correlation between these method visibility changes and the remoting library update in the security fix confirms their role in the vulnerability.