Description
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 (CVE-2015-8103) deserializes attacker-supplied Java objects without restricting which classes may be instantiated. Because the bundled webapps/ROOT/WEB-INF/lib/commons-collections-*.jar provides a usable gadget chain (the "Groovy variant" payload in ysoserial), a remote attacker who can reach the CLI remoting port can execute arbitrary code with the privileges of the Jenkins process, without authenticating.
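A quick way to triage an instance against the version ranges above is to read the headers Jenkins adds to every HTTP response: X-Jenkins carries the version string and X-Jenkins-CLI-Port (or X-Jenkins-CLI2-Port) advertises the remoting port the CLI subsystem listens on. The script below is an added example, not code from the Jenkins project or from this page; the header names are the ones Jenkins sends, and the SAMPLE response is constructed for the demonstration.

```python
"""Triage a Jenkins instance for the CLI deserialization issue from its HTTP headers.

Added example (not Jenkins project code). Fix versions from the description:
weekly 1.638, LTS 1.625.2. LTS version strings have three numeric components
(e.g. 1.625.1), weekly builds have two (e.g. 1.637).
"""
import re
from typing import Dict, Optional, Tuple

WEEKLY_FIXED = (1, 638)
LTS_FIXED = (1, 625, 2)

# Constructed sample response, as a vulnerable LTS instance would answer.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Jenkins: 1.625.1\r\n"
    "X-Jenkins-CLI-Port: 50000\r\n"
    "X-Jenkins-CLI2-Port: 50000\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_version(v: str) -> Optional[Tuple[int, ...]]:
    """'1.625.1' -> (1, 625, 1); '1.637' -> (1, 637); None if not a version string.
    Any suffix after the numeric part (e.g. '-SNAPSHOT') is ignored."""
    m = re.match(r"^(\d+(?:\.\d+)+)", v.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(version: str) -> Optional[bool]:
    """True if the version predates the fix on its release line, False if fixed,
    None if the string could not be parsed."""
    t = parse_version(version)
    if t is None:
        return None
    if len(t) >= 3:          # LTS line: compare against 1.625.2
        return t < LTS_FIXED
    return t < WEEKLY_FIXED  # weekly line: compare against 1.638


def parse_response_headers(raw: str) -> Dict[str, str]:
    """Parse the header block of a raw HTTP response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def assess(raw_response: str) -> dict:
    """Combine version and CLI-port headers into a triage verdict."""
    h = parse_response_headers(raw_response)
    version = h.get("x-jenkins")
    cli_port = h.get("x-jenkins-cli-port") or h.get("x-jenkins-cli2-port")
    affected = is_affected(version) if version else None
    return {
        "version": version,
        "affected_version": affected,
        "cli_port_advertised": cli_port,
        # Only flag as exposed when both the version is affected and a CLI port is advertised.
        "exposed": affected is True and cli_port is not None,
    }


if __name__ == "__main__":
    print(assess(SAMPLE))
```

Treat a missing X-Jenkins-CLI-Port header as "unknown", not "safe": the header only tells you whether the TCP remoting port is advertised, and a proxy may strip it. The authoritative check is the version itself; anything is_affected() reports True should be upgraded regardless of what the port header says.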
Remediation
Upgrade to Jenkins 1.638 or later (weekly line) or 1.625.2 or later (LTS line). Where an immediate upgrade is not possible, disable the Jenkins CLI remoting port as described in the Jenkins project's mitigation notice and restrict network access to the Jenkins host until the upgrade is done. Note that the fix restricts which classes the CLI will deserialize; removing or replacing the commons-collections jar on its own only blocks this one gadget chain, not the underlying unrestricted deserialization.
References
https://nvd.nist.gov/vuln/detail/CVE-2015-8103
https://www.jenkins.io/security/advisory/2015-11-11/
https://github.com/frohoff/ysoserial