Description

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

Remediation

References

CVE-2015-8103

Related Vulnerabilities

MySQL CVE-2019-2991 Vulnerability (CVE-2019-2991)

WordPress Plugin Download Manager Cross-Site Scripting (3.2.52)

MySQL CVE-2023-22026 Vulnerability (CVE-2023-22026)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)

WordPress Plugin MailPoet Newsletters (Previous) Unspecified Vulnerability (2.7.8)

Severity

Critical

Classification

CVE-2015-8103 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities