漏洞描述
CloudBees Jenkins CI是美国CloudBees公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。LTS是CloudBees Jenkins CI的一个长期支持版本。CloudBees Jenkins CI和LTS存在安全漏洞,允许攻击者可通过向API端点发送特制的XML文件执行任意代码。
Jenkins /createItem 反序列化代码执行漏洞(CVE-2016-0792)
PoC代码
暂无相关漏洞推荐
-
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier... -
jenkins-default-pwd: Jenkins Default Password POC
2025-09-01 | Jenkinsapp="Jenkins" -
jenkins-api-panel: Jenkins API Instance Detection Template POC
2025-09-01 | jenkins-api-panelTry to detect the presence of a Jenkins API instance via the API default XML endpoint -
CVE-2016-3081: Apache S2-032 Struts RCE POC
2025-09-01 | Apache StrutsApache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invo... -
CVE-2016-3088: ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088) POC
2025-09-01 | ActiveMQThe Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to uploa...