Arbitrary Build Parameter Injection in Jenkins

Arbitrary Build Parameter Injection in Jenkins

CVE-2016-3721 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.

Learn more about our User Device Pen Test.