CVE-2015-8103
CVSS v3.1: 9.8 (Critical)
CVSS v2.0: 7.5 (High)
EPSS: 83.93% (99th)
Affected Products: 2
Advisories: 1
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Weaknesses
- CWE-502: Deserialization of Untrusted Data

- CVE Status: PUBLISHED
- CNA: MITRE
- Published Date: 2015-11-25 20:59:19 (8 years ago)
- Updated Date: 2024-01-09 02:16:29 (8 months ago)