Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Emmanuel Bourg
ebourg at apache.org
Mon Nov 9 08:25:20 UTC 2015
Hi Moritz,
If I'm not mistaken, this vulnerability is actually linked to a dangerous
deserialization in commons-collections if the input isn't properly
sanitized. I intend to upload a modification of commons-collections to
address this issue in Jenkins and the other applications potentially
affected.
Emmanuel Bourg