Lucene search
K

16 matches found

vulnersOsv
vulnersOsv
added 2022/05/13 1:30 a.m.4 views

ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1304 more potentially affected by CVE-2015-8103 via org.jenkins-ci.main:cli (>=1.396 <=1.625.1)

org.jenkins-ci.main:cli MAVEN version =1.396, =1.1, =0.0.1, =1.0, =0.0.1, =0.9, =1.3, =1.0, =1.0, =2.2.1, =1.0.3, =1.0.0, =1.0, =1.0.0, =1.2.0 and more Source cves: CVE-2015-8103 Source advisory: OSV:GHSA-WFW7-6632-XCV2...

9.8CVSS7.2AI score0.86829EPSS
Exploits12
vulnersOsv
vulnersOsv
added 2022/05/13 1:30 a.m.5 views

com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +14 more potentially affected by CVE-2015-8103 via org.jenkins-ci.main:cli (>=1.626 <=1.637)

org.jenkins-ci.main:cli MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0.18 and more Source cves: CVE-2015-8103 Source advisory: OSV:GHSA-WFW7-6632-XCV2...

9.8CVSS7.2AI score0.86829EPSS
Exploits12
Gitee
Gitee
added 2020/10/29 1:31 p.m.5 views

Exploit for Deserialization of Untrusted Data in Redhat Data_Grid

This repository contains a collection of Python scripts for exploiting Java deserialization vulnerabilities in various applications, including Cisco Prime Infrastructure, JBoss, Jenkins, and OpenNMS. The scripts use the ysoserial tool to generate the payload. The scripts can be categorized into...

10CVSS7.4AI score0.86829EPSS
Exploits38
Veracode
Veracode
added 2019/05/02 5:21 a.m.49 views

Cross-Site Scripting (XSS)

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
added 2019/05/02 5:21 a.m.41 views

Path Traversal

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Veracode
Veracode
added 2019/05/02 5:21 a.m.36 views

Sensitive Information Disclosure

OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. The following security issues are addressed with this release: An authorization flaw was discovered in Kubernetes; the API server did not...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References40Affected Software53
Metasploit
Metasploit
added 2016/07/12 3:22 a.m.35 views

OpenNMS Java Object Unserialization Remote Code Execution

This module exploits a vulnerability in the OpenNMS Java object which allows an unauthenticated attacker to run arbitrary code against the system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

9.8CVSS7.6AI score0.86829EPSS
Exploits12
OSV
OSV
added 2016/04/13 5:39 p.m.11 views

MGASA-2016-0137 Updated apache-commons-collections packages fix CVE-2015-8103

Updated apache-commons-collections packages fix security vulnerability: Due to an issue with serialization, Java applications can be vulnerable to malicious remote code execution when the apache-commons-collections library is on the classpath CVE-2015-8103...

9.8CVSS9.8AI score0.86829EPSS
Exploits12References3
Circl
Circl
added 2015/12/15 12:0 a.m.40 views

CVE-2015-8103

creationtimestamp| type| source ---|---|--- 2015-12-15 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38983 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/jenkinsjavadeserialize.rb 2018-05-29 15:50:33+00:00|...

9.8CVSS8.4AI score0.86829EPSS
Exploits12References6
Packet Storm
Packet Storm
added 2015/12/14 12:0 a.m.62 views

Jenkins CLI RMI Java Deserialization

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Jenkins CLI RMI Java Deserialization Vulnerability', 'Description' = %q This module exploits a vulnerability in Jenkins. An unsafe...

7.5CVSS0.3AI score0.86829EPSS
Exploits12
Metasploit
Metasploit
added 2015/12/11 8:57 p.m.89 views

Jenkins CLI RMI Java Deserialization Vulnerability

This module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...

9.8CVSS8.9AI score0.86829EPSS
Exploits12
canvas
canvas
added 2015/11/25 8:59 p.m.543 views

Immunity Canvas: JENKINS_CLI_DESERIALIZATION

Name| jenkinsclideserialization ---|--- CVE| CVE-2015-8103 Exploit Pack| CANVAS Description| jenkinsclideserialization Notes| CVE Name: CVE-2015-8103 VENDOR: Jenkins NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...

7.5CVSS8.7AI score0.86829EPSS
Exploits12
ATTACKERKB
ATTACKERKB
added 2015/11/25 8:59 p.m.5 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

9.8CVSS5.8AI score0.86829EPSS
Exploits12References17
Cvelist
Cvelist
added 2015/11/25 8:0 p.m.42 views

CVE-2015-8103

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in 'ysoserial'"...

9.5AI score0.86829EPSS
Exploits12References12
CVE
CVE
added 2015/11/25 8:0 p.m.154 views

CVE-2015-8103

CVE-2015-8103 affects Jenkins CLI deserialization in the Jenkins core prior to 1.638 (and LTS prior to 1.625.2). A crafted serialized Java object can trigger remote code execution via a vulnerable commons-collections library and the Groovy variant in ysoserial. Impact is remote code execution wit...

9.8CVSS8.6AI score0.86829EPSS
Exploits12References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/11/17 12:0 a.m.175 views

Jenkins < 1.638 / 1.625.2 Java Object Deserialization RCE

The remote web server hosts a version of Jenkins or Jenkins Enterprise that is prior to 1.638 or 1.625.2. It is, therefore, affected by a flaw in the Apache Commons Collections ACC library that allows the deserialization of unauthenticated Java objects. An unauthenticated, remote attacker can...

9.8CVSS8.8AI score0.86829EPSS
Exploits12References5
Rows per page
Query Builder