Bug#804522: jenkins: Unauthenticated remote code execution 0-day in Jenkins CLI
Moritz Muehlenhoff
jmm at inutil.org
Mon Nov 9 08:26:19 UTC 2015
On Mon, Nov 09, 2015 at 09:25:20AM +0100, Emmanuel Bourg wrote:
> Hi Moritz,
>
> If I'm not mistaken this vulnerability is actually linked to a dangerous
> deserialization in commons-collections if the input isn't properly
> sanitized.
Indeed, I intended to file a separate bug for those (but I was unsure whether
jenkins used the system-wide lib as opposed to the released versions from
jenkins upstream)
Cheers,
Moritz
More information about the pkg-java-maintainers
mailing list