CVE-2015-8103

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 83.93 % (99^th)

Affected Products 2

Advisories 1

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2015-11-25 20:59:19
(8 years ago)
Updated Date: 2024-01-09 02:16:29
(8 months ago)

Affected Products

Jenkins

Jenkins

Redhat

Openshift Container Platform

Configuration #1

		CPE23	From	Up To
	Redhat Openshift Container Platform 2.2	cpe:2.3:a:redhat:openshift_container_platform:2.2
	Redhat Openshift Container Platform 3.1	cpe:2.3:a:redhat:openshift_container_platform:3.1

Configuration #2

		CPE23	From	Up To
	Jenkins prior 1.625.2 version	cpe:2.3:a:jenkins:jenkins::::*:lts		< 1.625.2
	Jenkins prior 1.638 version	cpe:2.3:a:jenkins:jenkins		< 1.638