Jenkins » Jenkins : Security Vulnerabilities, CVEs, Published In 2015 (Code Execution)

CVE-2015-8103

Public exploit
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
Max CVSS
9.8
EPSS Score
80.77%
Published
2015-11-25
Updated
2024-01-09

CVE-2015-1806

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.53%
Published
2015-10-16
Updated
2016-06-15

CVE-2014-3665

Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
Max CVSS
6.8
EPSS Score
2.05%
Published
2015-11-25
Updated
2023-02-13
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close