CVE-2016-0792
PUBLISHED
CVSS 9 CRITICAL
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
EPSS 90.56% · 99.6th percentile
Risk Scores
- CVSS 2.0: 9
- EPSS Score: 90.56% (99.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.jenkins-ci.main:jenkins-core | 1.643, 0 |
| n/a | n/a | n/a |
| jenkins | jenkins | 0, 0 |
| redhat | openshift | 3.1 |
Exploit Intelligence
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792 (github-poc-repo)
- Modified Version of CVE-2016-0792 (github-poc-repo)
- Modified Version of CVE-2016-0792 (github-poc-repo)
- Modified Version of CVE-2016-0792 (github-poc-repo)
- Modified Version of CVE-2016-0792 (github-poc-repo)
…and 34 more exploits
Timeline
- Apr 7, 2016 CVE Published
- Jul 30, 2017 PoC Published
- Jul 31, 2017 PoC Published
- Dec 19, 2017 PoC Published
- Dec 19, 2017 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
References
- 43375 exploit
- RHSA-2016:0711 vendor-advisory
- 42394 exploit
- https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream url
- RHSA-2016:1773 vendor-advisory
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24 url
- https://nvd.nist.gov/vuln/detail/CVE-2016-0792 advisory
- https://github.com/jenkinsci/jenkins/commit/7f202f0317e60cd3160f61467b8558f864f83f41 url
- https://github.com/jenkinsci/jenkins package
- https://www.exploit-db.com/exploits/42394 url
- https://www.exploit-db.com/exploits/43375 url