
6 matches found

RedhatCVE, added 2026/06/15 7:15 p.m., 7 views

CVE-2026-53435

A flaw was found in Jenkins. Attackers can exploit a deserialization vulnerability by submitting a specially crafted config.xml file. This allows them to deserialize arbitrary types, leading to the ability to impersonate users and send HTTP requests on their behalf. The most critical impact is th...

CVSS 8.8, AI score 6.2, EPSS 0.14907
Exploits: 2, References: 4
OSV, added 2026/06/12 8:43 a.m., 6 views

BIT-JENKINS-2026-53435

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

CVSS 8.8, AI score 5.5, EPSS 0.14907
Exploits: 2, References: 2
EUVD, added 2026/06/10 1:05 p.m., 11 views

EUVD-2026-36019

In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled config.xml submission in a way that allows them to handle HTTP requests afterwards. This can be used to...

CVSS 8.8, AI score 5.7, EPSS 0.14907
Exploits: 2, References: 1
CVE, added 2026/06/10 1:05 p.m., 198 views

CVE-2026-53435

CVE-2026-53435 affects Jenkins 2.567 and earlier, including LTS 2.555.2 and earlier. The root cause is unsafe deserialization due to a deserialization sink that bypasses a ClassFilter, allowing an attacker who can POST a config.xml to deserialize arbitrary core/plugin types and reach them via HTT...

CVSS 8.8, AI score 5.7, EPSS 0.14907
Exploited in the wild; Exploits: 2, References: 4, Affected software: 1
OSV, added 2022/05/24 5:39 p.m., 2 views

GHSA-QV6F-RCV6-6Q3X Improper handling of REST API XML deserialization errors in Jenkins

Jenkins provides XML REST APIs to configure views, jobs, and other items. When deserialization fails because of invalid data, Jenkins 2.274 and earlier, LTS 2.263.1 and earlier stores invalid object references created through these endpoints in the Old Data Monitor. If an administrator discards t...

CVSS 8, AI score 7.1, EPSS 0.01677
Exploits: 0, References: 4
OSV, added 2022/05/13 1:30 a.m., 4 views

GHSA-WFW7-6632-XCV2 Jenkins CLI Deserialization of Untrusted Data vulnerability

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-.jar file and the "Groovy variant in ysoserial"...

CVSS 9.8, AI score 7.4, EPSS 0.86829
Exploits: 12, References: 16