Jenkins Remote Code Execution via Crafted Serialized Java Object and LDAP Query

CVE-2016-9299 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
