Date: Sun, 13 Nov 2016 00:13:40 +0100
From: Daniel Beck <>
Subject: CVE request: Jenkins remote code execution vulnerability


An unauthenticated remote code execution vulnerability was discovered in the
Jenkins continuous integration and continuous delivery automation server.
A serialized Java object transferred to the Jenkins CLI can make Jenkins
connect to an attacker-controlled LDAP server, which in turn can send a
serialized payload leading to code execution, bypassing existing protection

The Jenkins project tracks this as SECURITY-360. Releases with the fix are
planned for Wednesday, November 16.

Please assign a CVE to this issue.


Jenkins website:

Publication of the vulnerability in this talk:

Notification and workaround by the Jenkins project here:
