[gmx-developers] Jenkins vulnerability

Åke Sandgren ake.sandgren at hpc2n.umu.se
Tue Nov 10 07:55:50 CET 2015


In case you haven't seen this yet.

Please assign a CVE to this issue:

Remote code execution vulnerability due to unsafe deserialization in
Jenkins remoting
Unsafe deserialization allows unauthenticated remote attackers to run
arbitrary code on the Jenkins master.
This is tracked as SECURITY-218 in the Jenkins project. All current
Jenkins releases are affected.

Public exploit:

Temporary workaround:

A related issue is being discussed here:
Jenkins is affected by both this and the Groovy variant in 'ysoserial'.

We plan to release a fix for this as part of our planned security update
on Wednesday.


Ake Sandgren, HPC2N, Umea University, S-90187 Umea, Sweden
Internet: ake at hpc2n.umu.se   Phone: +46 90 7866134 Fax: +46 90-580 14
Mobile: +46 70 7716134 WWW: http://www.hpc2n.umu.se

More information about the gromacs.org_gmx-developers mailing list