GHSA-wfw7-6632-xcv2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wfw7-6632-xcv2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wfw7-6632-xcv2/GHSA-wfw7-6632-xcv2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-wfw7-6632-xcv2
- Aliases
-
- CVE-2015-8103
- Published
- 2022-05-13T01:30:07Z
- Modified
- 2024-03-04T22:16:13.578088Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Jenkins CLI Deserialization of Untrusted Data vulnerability
- Details
-
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic
webapps/ROOT/WEB-INF/lib/commons-collections-*.jarfile and the "Groovy variant inysoserial". - Database specific
{ "cwe_ids": [ "CWE-502" ], "github_reviewed_at": "2024-01-09T16:32:01Z", "github_reviewed": true, "nvd_published_at": "2015-11-25T20:59:00Z", "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-8103
- https://github.com/jenkinsci/jenkins/commit/5bd9b55a2a3249939fd78c501b8959a804c1164b
- https://github.com/jenkinsci/jenkins/commit/b4193d1132089286ebeaf9d8872c839ad473329c
- https://access.redhat.com/errata/RHSA-2016:0070
- https://github.com/jenkinsci/jenkins
- https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli
- https://web.archive.org/web/20151225025917/http://www.securityfocus.com/bid/77636
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
- https://www.exploit-db.com/exploits/38983
- http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/#jenkins
- http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html
- http://rhn.redhat.com/errata/RHSA-2016-0489.html
- http://www.openwall.com/lists/oss-security/2015/11/09/5
- http://www.openwall.com/lists/oss-security/2015/11/18/11
- http://www.openwall.com/lists/oss-security/2015/11/18/13
- http://www.openwall.com/lists/oss-security/2015/11/18/2
Affected packages
Maven / org.jenkins-ci.main:cli
Package
- Name
- org.jenkins-ci.main:cli
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/cli
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.625.2
Affected versions
1.*
1.396
1.397
1.398
1.399
1.400
1.401
1.403
1.404
1.405
1.406
1.407
1.408
1.409
1.409.1
1.409.2
1.409.3
1.410
1.411
1.412
1.413
1.414
1.415
1.416
1.417
1.418
1.419
1.420
1.421
1.422
1.423
1.424
1.424.1
1.424.2
1.424.3
1.424.4
1.424.5
1.424.6
1.425
1.426
1.427
1.428
1.429
1.430
1.431
1.432
1.433
1.434
1.435
1.436
1.437
1.438
1.439
1.440
1.441
1.442
1.443
1.444
1.445
1.446
1.447
1.447.1
1.447.2
1.448
1.449
1.450
1.451
1.452
1.453
1.454
1.455
1.456
1.457
1.458
1.459
1.460
1.461
1.462
1.463
1.464
1.465
1.466
1.466.1
1.466.2
1.467
1.468
1.469
1.470
1.471
1.472
1.473
1.474
1.475
1.476
1.477
1.478
1.479
1.480
1.480.1
1.480.2
1.480.3
1.481
1.482
1.483
1.484
1.485
1.486
1.487
1.488
1.489
1.490
1.491
1.492
1.493
1.494
1.495
1.496
1.497
1.498
1.499
1.500
1.501
1.502
1.503
1.504
1.505
1.506
1.507
1.508
1.509
1.509.1
1.509.2
1.509.2.JENKINS-8856-diag
1.509.2.JENKINS-14362-jzlib
1.509.3
1.509.3.JENKINS-14362-jzlib
1.509.4
1.510
1.511
1.512
1.513
1.514
1.515
1.516
1.516.JENKINS-14362-jzlib
1.517
1.518
1.518.JENKINS-14362-jzlib
1.519
1.520
1.521
1.522
1.523
1.524
1.525
1.526
1.527
1.528
1.529
1.530
1.531
1.532
1.532.1
1.532.1.JENKINS-19453
1.532.2
1.532.2.JENKINS-21622-diag
1.532.2.JENKINS-22395-diag
1.532.3
1.532.3.JENKINS-22395
1.532.3.JENKINS-22395-2
1.533
1.534
1.535
1.536
1.537
1.538
1.539
1.540
1.541
1.542
1.543
1.544
1.545
1.546
1.547
1.548
1.549
1.550
1.551
1.552
1.553
1.554
1.554.1
1.554.2
1.554.3
1.554.3.JENKINS-18065-ALLRM-all
1.554.3.JENKINS-18065-JENKINS-23945
1.555
1.556
1.557
1.558
1.559
1.560
1.561
1.562
1.563
1.564
1.565
1.565.1
1.565.1.JENKINS-22395-dropLinks
1.565.2
1.565.3
1.566
1.567
1.568
1.569
1.570
1.571
1.572
1.573
1.574
1.575
1.576
1.577
1.578
1.579
1.580
1.580.1
1.580.2
1.580.3
1.581
1.582
1.583
1.584
1.585
1.586
1.587
1.588
1.589
1.590
1.591
1.592
1.593
1.594
1.595
1.596
1.596.1
1.596.2
1.596.3
1.597
1.598
1.599
1.600
1.601
1.602
1.604
1.605
1.606
1.607
1.608
1.609
1.609.1
1.609.2
1.609.3
1.610
1.611
1.612
1.613
1.614
1.615
1.616
1.617
1.618
1.619
1.620
1.621
1.622
1.623
1.624
1.625
1.625.1
Maven / org.jenkins-ci.main:cli
Package
- Name
- org.jenkins-ci.main:cli
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.main/cli