CVE-2016-0788Deserialization of Untrusted Data in Jenkins

CWE-264CWE-502Deserialization of Untrusted Data8 documents7 sources
Severity
9.8CRITICALNVD
EPSS
37.4%
top 2.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
JenkinsRedhat Openshift
Timeline
PublishedApr 7
Latest updateMay 14

Description

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDjenkins/jenkins1.649+1

Patches

Patch: wiki.jenkins-ci.orgPatch: wiki.jenkins-ci.org

🔴Vulnerability Details

3
GHSA
Jenkins allows Execution of Code by Opening a JRMP Listener2022-05-14
OSV
Jenkins allows Execution of Code by Opening a JRMP Listener2022-05-14
CVEList
CVE-2016-0788: The remoting module in Jenkins before 12016-04-07

📋Vendor Advisories

2
Red Hat
jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)2016-02-24
Jenkins
Jenkins Security Advisory 2016-02-242016-02-24

💬Community

2
Bugzilla
CVE-2016-0788 CVE-2016-0789 CVE-2016-0790 CVE-2016-0791 CVE-2016-0792 jenkins: security advisory 2016-02-24 [fedora-all]2016-02-25
Bugzilla
CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)2016-02-25
CVE-2016-0788 — Deserialization of Untrusted Data | cvebase