VDB

CVE-2016-9299

CVE-2016-9299 PUBLISHED CVSS 7.5 HIGH

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.

EPSS 89.25% · 99.6th percentile

Risk Scores

CVSS 2.0
7.5
EPSS Score
89.25%
99.6th percentile

Affected Products

VendorProductVersions
fedoraprojectfedora25, 25, 25
jenkinsjenkins0, 0, 0
Mavenorg.jenkins-ci.main:jenkins-core2.20, 0, 2.20
n/an/an/a, n/a

Timeline

  • Nov 16, 2016 VulnCheck KEV Exploitation
  • Jan 12, 2017 CVE Published
  • May 17, 2018 PoC Published
  • May 18, 2018 PoC Published
  • May 29, 2018 PoC Published
  • Feb 4, 2022 EPSS Score
  • Mar 10, 2023 EPSS Score
  • Nov 8, 2023 EPSS Score
  • Dec 17, 2024 EPSS Score
  • Feb 6, 2025 PoC Published
  • Feb 23, 2025 PoC Published
  • Mar 17, 2025 EPSS Score

References

…and 1 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›