CVE-2016-3721
MEDIUM
Jenkins <2.3, <1.651.2 - Command Injection
Title source: llm
Description
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
References (6)
Scores
CVSS v3
4.3
EPSS
0.0038
EPSS Percentile
59.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Classification
CWE
CWE-17
Status
draft
Affected Products (5)
redhat/openshift
redhat/openshift
jenkins/jenkins
< 1.651.1
jenkins/jenkins
< 2.2
org.jenkins-ci.main/jenkins-core
< 2.3
Maven
Timeline
Published
May 17, 2016
Tracked Since
Feb 18, 2026