Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

Emmanuel Bourg ebourg at apache.org
Mon Nov 9 08:25:20 UTC 2015

Previous message: Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Next message: Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Moritz,

If I'm not mistaken this vulnerability is actually linked to a dangerous
deserialization in commons-collections if the input isn't properly
sanitized. I intend to upload a modification of commons-collections to
address this issue in Jenkins and the other applications potentially
affected.

Emmanuel Bourg

Previous message: Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Next message: Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the pkg-java-maintainers mailing list