|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-04-16 | |
| Rule Name: | Jenkins CI Server Xstream Insecure Deserialization Vulnerability (CVE-2016-0792) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | ExploitDB:42394 http://rhn.redhat.com/errata/RHSA-2016-1773.html https://access.redhat.com/errata/RHSA-2016:0711 https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 |
|
| Solutions |
|---|
| More advisories have been published on the website, please visit for more suggestions: https://jenkins.io/ |