FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- Remote code execution vulnerability in remoting module

Affected packages
jenkins <= 2.31
jenkins-lts <= 2.19.2


VuXML ID 27eee66d-9474-44a5-b830-21ec12a1c307
Discovery 2016-11-11
Entry 2016-11-16

Jenkins Security Advisory:

An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms.


CVE Name CVE-2016-9299