Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jenkins Deserialization of Untrusted Data Vulnerability - CVE-2015-8103 - Vulnerability Database
Jenkins

Jenkins Deserialization of Untrusted Data Vulnerability - CVE-2015-8103

Critical
Reference: CVE-2015-8103
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-8103
Title: Jenkins Deserialization of Untrusted Data Vulnerability
Overview:

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the quotGroovy variant in 39ysoserial39quot.