CVE-2015-8103
Published 2015-11-25
Severity: Critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | jenkins | < 1.625.2 | 1.625.2 |
| jenkins | jenkins | < 1.638 | 1.638 |
| jenkins | jenkins_core | — | — |
| jenkins | jenkins_lts | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |