Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI

Moritz Muehlenhoff jmm at inutil.org
Mon Nov 9 08:26:19 UTC 2015


On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
> 
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.

Indeed, I intended to file a separate bug for those (but I was unsure whether
Jenkins used the system-wide lib as opposed to the released versions from
Jenkins upstream)

Cheers,
        Moritz
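The deserialization issue discussed above is generic: any `ObjectInputStream.readObject()` on attacker-supplied bytes lets the stream pick the class to instantiate, and a library such as commons-collections on the classpath supplies the gadgets. The following is an added example, not code from Jenkins, Debian or commons-collections, showing the unsafe pattern next to a hardened stream that gates class resolution on an allowlist. The `Ping` message type, the allowlist contents and the "unexpected" sample payload are constructed for the demonstration; no real gadget chain is built here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class SafeDeserialization {

    // Hypothetical message type the application actually expects on the wire.
    public static final class Ping implements Serializable {
        private static final long serialVersionUID = 1L;
        final String payload;
        Ping(String payload) { this.payload = payload; }
    }

    // Only these class names may be instantiated from the stream. Anything else,
    // including java.util collections and any commons-collections functor, is
    // rejected before its fields are read, so a gadget chain never reaches
    // readObject()/readResolve() on the gadget classes.
    static final Set<String> ALLOWED = Collections.unmodifiableSet(new HashSet<>(
            Arrays.asList(Ping.class.getName(), "java.lang.String")));

    // "Look-ahead" deserialization: resolveClass() runs when the class descriptor
    // is read, before any object of that class is constructed.
    static final class LookAheadObjectInputStream extends ObjectInputStream {
        LookAheadObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(),
                        "class not on deserialization allowlist");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable pattern: whatever class the bytes name gets instantiated.
    static Object unsafeRead(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: same call site, but class resolution is gated by the allowlist.
    static Object safeRead(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois =
                     new LookAheadObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new Ping("hello"));
        // Constructed stand-in for attacker-controlled bytes: a class the application
        // never expects. A real attack would carry a commons-collections object graph.
        byte[] unexpected = serialize(new java.util.HashMap<String, String>());

        System.out.println("unsafe, expected:   " + ((Ping) unsafeRead(expected)).payload);
        System.out.println("unsafe, unexpected: " + unsafeRead(unexpected).getClass().getName());
        System.out.println("safe, expected:     " + ((Ping) safeRead(expected)).payload);
        try {
            safeRead(unexpected);
            System.out.println("safe, unexpected:   accepted (should not happen)");
        } catch (InvalidClassException e) {
            System.out.println("safe, unexpected:   rejected " + e.classname);
        }
    }
}
```

Compile and run with `javac SafeDeserialization.java && java SafeDeserialization`; the unsafe reader happily instantiates the `HashMap`, the hardened one throws `InvalidClassException` as soon as the descriptor is read. On JDK 9 and later the same gate can be expressed without subclassing via `ObjectInputStream.setObjectInputFilter(...)` (JEP 290); the `resolveClass` override is shown here because it also works on the Java 7/8 runtimes Debian shipped at the time of this thread. Either way, an allowlist on the expected types is the check, not a denylist of known gadget classes, since the latter has to be updated for every new chain.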


