CVE-2016-9299

🔴 Łataj teraz

Moduł zdalny w Jenkins umożliwia zdalnym atakującym wykonanie dowolnego kodu przez spreparowany obiekt.

CVSS

9.8

EPSS

89.3%

Exploit

none

Vendor

jenkins

Opis źródłowy (NVD)

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	89.3%
Opublikowano (NVD)	2017-01-12 23:59:00 UTC
Ostatnia modyfikacja (NVD)	2026-05-13 00:24:29 UTC

Referencje

http://www.openwall.com/lists/oss-security/2016/11/12/4 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://www.openwall.com/lists/oss-security/2016/11/14/9 (cve@mitre.org) [Mailing List, Third Party Advisory]
http://www.securityfocus.com/bid/94281 (cve@mitre.org) [Third Party Advisory, VDB Entry]
http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition (cve@mitre.org) [Third Party Advisory]
https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ (cve@mitre.org)
https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/LZ7EOS0fBgAJ (cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW2KUKYLNLVDB7STLHLYALCUFLEGCRM6/ (cve@mitre.org)
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16 (cve@mitre.org) [Vendor Advisory]
https://www.cloudbees.com/jenkins-security-advisory-2016-11-16 (cve@mitre.org) [Vendor Advisory]
https://www.exploit-db.com/exploits/44642/ (cve@mitre.org) [Third Party Advisory, VDB Entry]