Jenkins groovy.util.Expando Java deserialization vulnerability
Added: 08/15/2017 CVE: CVE-2016-0792 BID: 83720 Background Jenkins is a standalone, open-source automation server written in Java. Problem A deserialization vulnerability in the groovy.util.Expando class allows a remote attacker to execute arbitrary commands by requesting createItem with speciall...