漏洞描述
CloudBees Jenkins CI是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。LTS是CloudBees Jenkins CI的一个长期支持版本。CloudBees Jenkins CI和LTS存在安全漏洞,允许攻击者可通过向API端点发送特制的XML文件执行任意代码。
Jenkins /createItem 反序列化代码执行漏洞(CVE-2016-0792)
PoC代码
暂无相关漏洞推荐
- (CVE-2025-59474)Jenkins侧边栏权限绕过漏洞
- jenkins-unauthorized-rce: Jenkins unauthorized rce
- POC CVE-2017-1000353: Jenkins CLI - Java Deserialization
- POC CVE-2016-9299: Jenkins CLI - HTTP Java Deserialization
- POC CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
- POC CVE-2018-1000861: Jenkins - Remote Command Injection
- POC CVE-2019-1003000: Jenkins Script Security Plugin <=1.49 - Sandbox Bypass
- POC CVE-2019-10405: Jenkins <=2.196 - Cookie Exposure
- POC CVE-2019-10475: Jenkins build-metrics 1.3 - Cross-Site Scripting
- POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
- POC CVE-2020-2103: Jenkins <=2.218 - Information Disclosure
- POC CVE-2022-36883: Jenkins Git <=4.11.3 - Missing Authorization
- POC CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read