Back to search
CVE-2015-8103
Published: Nov 25, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20151118 Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization
mailing-list
x_refsource_MLIST
RHSA-2016:0489
vendor-advisory
x_refsource_REDHAT
77636
vdb-entry
x_refsource_BID
[oss-security] 20151118 Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization
mailing-list
x_refsource_MLIST
RHSA-2016:0070
vendor-advisory
x_refsource_REDHAT
38983
exploit
x_refsource_EXPLOIT-DB
[oss-security] 20151109 CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization
mailing-list
x_refsource_MLIST
[oss-security] 20151118 Re: CVE request: Jenkins remote code execution vulnerability due to unsafe deserialization
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now