Related Vulnerabilities: CVE-2017-1000355  

Severity: Medium

Remote: Yes

Type: Arbitrary code execution

Description

Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to create or configure items (jobs), views, or agents.

Jenkins now prohibits the attempted deserialization of void / Void that results in a crash.
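As an added hardening example (not code from this advisory, from Jenkins, or from XStream's own fix), the Java below builds an allowlist-based XStream instance that refuses void / Void and every type the application has not declared, so a rejected element surfaces as an ordinary exception for the caller instead of taking the process down. It assumes XStream 1.4.7 or later (the `com.thoughtworks.xstream.security` package); `HardenedXStream`, `parse` and the `JobConfig` application type are hypothetical names chosen here.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class HardenedXStream {
    // Hypothetical application type; the only object graph this endpoint may describe.
    public static class JobConfig {
        String name;
        int retries;
    }
    public static XStream build() {
        XStream xs = new XStream();
        // Deny-all baseline; permissions added later are consulted first,
        // so the allow/deny rules below take precedence over this catch-all.
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[]{String.class, JobConfig.class});
        // Refuse void / Void outright: the element is rejected before anything
        // is instantiated, which is what the advisory's fix amounts to.
        xs.denyTypes(new Class[]{void.class, Void.class});
        xs.alias("jobConfig", JobConfig.class);
        return xs;
    }
    // Deserialize untrusted XML; a rejected type becomes an ordinary error
    // for the caller instead of crashing the JVM.
    public static Object parse(XStream xs, String xml) {
        try {
            return xs.fromXML(xml);
        } catch (ForbiddenClassException e) {
            throw new IllegalArgumentException("forbidden element type: " + e.getMessage(), e);
        }
    }
    public static void main(String[] args) {
        XStream xs = build();
        // Constructed input: an allowlisted document deserializes normally.
        JobConfig cfg = (JobConfig) parse(xs,
            "<jobConfig><name>nightly</name><retries>3</retries></jobConfig>");
        System.out.println(cfg.name + " retries=" + cfg.retries);
        // Constructed input: "map" aliases java.util.HashMap, not allowlisted, so it is refused.
        try {
            parse(xs, "<map/>");
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```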

Group    Package  Affected  Fixed   Severity  Status
AVG-255  jenkins  2.56-1    2.57-1  High      Fixed

Date         Advisory       Group    Package  Severity  Type
27 Apr 2017  ASA-201704-8   AVG-255  jenkins  High      multiple issues

http://www.openwall.com/lists/oss-security/2017/04/03/4