|
| Description: | | The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". |
|
| Impact: | | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
|
| Affected OS: | | Windows, Mac OS, Other Unix, FreeBSD, Linux |
|
| Reference: | | SecurityFocusBID:77636
ExploitDB:38983
|
|