Full title: Jenkins XStream Groovy classpath Deserialization Exploit 
Category: remote exploits
Platform: unix
This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default installations. Authentication is not required to exploit the vulnerability.

# 0day.today @ http://0day.today/