CVE-2017-1000355 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Arbitrary code execution |
Description | Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to create or configure items (jobs), views, or agents. Jenkins now prohibits the attempted deserialization of void / Void that results in a crash. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-255 | jenkins | 2.56-1 | 2.57-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
27 Apr 2017 | ASA-201704-8 | AVG-255 | jenkins | High | multiple issues |
References |
---|
http://www.openwall.com/lists/oss-security/2017/04/03/4 |