FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- Remote code execution vulnerability in remoting module

Affected packages
jenkins <= 2.31
jenkins-lts <= 2.19.2

Details

VuXML ID 27eee66d-9474-44a5-b830-21ec12a1c307
Discovery 2016-11-11
Entry 2016-11-16

Jenkins Security Advisory:

An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms.

[source]

References

CVE Name CVE-2016-9299
URL https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.