PT-2016-4414 · Cloudbees+1 · Jenkins

Moritz Bechler

Published

2016-04-07

Updated

2022-05-14

CVE-2016-0788

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Jenkins versions prior to 1.650 Jenkins LTS versions prior to 1.642.2

Description The issue allows remote attackers to execute arbitrary code by opening a JRMP listener. This is related to the remoting module in Jenkins.

Recommendations For Jenkins versions prior to 1.650, update to version 1.650 or later. For Jenkins LTS versions prior to 1.642.2, update to version 1.642.2 or later.

Exploit

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-264

Related Identifiers

CVE-2016-0788

GHSA-J7Q5-H445-F7PC

RHSA-2016:0711

RHSA-2016:1773

Affected Products

Jenkins

PT-2016-4414 · Cloudbees+1 · Jenkins

CVE-2016-0788

Weakness Enumeration

Related Identifiers

Affected Products

References · 9