Note:
This project will be discontinued after December 13, 2021. [more]
2018-12-10
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way.
Products | Jenkins, Openshift_container_platform |
Type | Deserialization of Untrusted Data (CWE-502) |
First patch | - None (likely due to unavailable code) |
Links |
• http://www.securityfocus.com/bid/106176
• https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595 • http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html • https://access.redhat.com/errata/RHBA-2019:0024 |