From df0c3c05eeda5d6909014a666cb173e685172f5e Mon Sep 17 00:00:00 2001 From: swills Date: Wed, 16 Nov 2016 18:26:03 +0000 Subject: Document Jenkins Security Advisory 2016-11-16 --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e330d93c1f80..7203d677aa3e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,40 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + jenkins -- Remote code execution vulnerability in remoting module + + + jenkins + 2.31 + + + jenkins-lts + 2.19.2 + + + + +

Jenkins Security Advisory:

+
+

An unauthenticated remote code execution vulnerability allowed + attackers to transfer a serialized Java object to the Jenkins CLI, + making Jenkins connect to an attacker-controlled LDAP server, which + in turn can send a serialized payload leading to code execution, + bypassing existing protection mechanisms.

+
+ +
+ + CVE-2016-9299 + https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16 + + + 2016-11-11 + 2016-11-16 + +
+ moodle -- multiple vulnerabilities -- cgit
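Review bot: The discovery date in the dates block at the end of the new entry is 2016-11-11, but the only references given are CVE-2016-9299 and the advisory dated 2016-11-16. If the earlier date marks a public disclosure that preceded the advisory, add a reference for it so the date can be traced; otherwise align it with the advisory date. Also check the bounds 2.31 (jenkins) and 2.19.2 (jenkins-lts) against the advisory. The range operator determines whether those exact releases are flagged, so it matters whether they are the last affected or the first fixed versions. As a smaller point, the topic line names the remoting module while the quoted description refers to the Jenkins CLI and an LDAP connection, so consider wording the topic to match the description.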