Jenkins Advisory 2016-02-24: CVE-2016-0792: Remote code execution through remote API

Severity: 9
CVSS: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published: April 07, 2016
Added: November 13, 2017
Modified: January 08, 2018

Description

Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.

Solution

jenkins-lts-upgrade-1_642_2
