Description
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Remediation
References