FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

jenkins -- remote code execution via unsafe deserialization

Affected packages
jenkins < 1.638
jenkins-lts < 1.625.2

Details

VuXML ID: b665668a-91db-4f13-8113-9e4b5b0e47f7
Discovery: 2015-11-06
Entry: 2015-11-11

Jenkins Developers report:

Unsafe deserialization allows unauthenticated remote attackers to run arbitrary code on the Jenkins master.

References

URL: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#thefix
URL: https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
URL: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11