Red Hat Bugzilla – Bug 1418724
CVE-2017-2608 jenkins: XStream remote code execution vulnerability (SECURITY-383)
Last modified: 2018-06-29 18:18:07 EDT
The following flaw was found in Jenkins:
XStream-based APIs in Jenkins (e.g. /createItem URLs, or the POST config.xml remote API) were vulnerable to remote code execution through the deserialization of various types in javax.imageio.
The fix extends the XStream deserialization blacklist. In case this extension of the blacklist results in regressions, the blacklist can be customized as described in the Jenkins LTS upgrade guide for Jenkins 2.19.3.
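The mitigation described above is a type blacklist on XStream. As an added illustration (not Jenkins' own code and not the fix from the advisory), the snippet below shows how a stand-alone XStream 1.4.7+ instance can be locked down to an allow list of application types while also denying the javax.imageio package; the JobConfig class and the sample XML are constructed for the example.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamDenyListDemo {

    // Hypothetical config object; stands in for the kind of data a
    // config.xml-style API is actually meant to receive.
    public static class JobConfig {
        String name;
        boolean disabled;
    }

    // Build an XStream instance that accepts only the application's own
    // types and explicitly denies the javax.imageio hierarchy.
    public static XStream hardenedXStream() {
        XStream xs = new XStream();
        // NoTypePermission clears every existing permission: start from
        // "nothing is allowed", then open up exactly what is needed.
        xs.addPermission(NoTypePermission.NONE);
        xs.addPermission(NullPermission.NULL);
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES);
        xs.allowTypes(new Class[] { String.class, JobConfig.class });
        // Deny rules win over allow rules, so this holds even if a later
        // allowTypes call widens the allow list.
        xs.denyTypesByRegExp(new String[] { "^javax\\.imageio\\..*" });
        xs.alias("job", JobConfig.class);
        return xs;
    }

    public static void main(String[] args) {
        XStream xs = hardenedXStream();

        // Constructed, legitimate input: deserializes normally.
        JobConfig ok = (JobConfig) xs.fromXML(
            "<job><name>build-nightly</name><disabled>false</disabled></job>");
        System.out.println("accepted: " + ok.name);

        // Constructed input whose root element names a denied type. No
        // gadget chain is involved; the point is that the type is refused
        // by the security mapper before any of its fields are touched.
        try {
            xs.fromXML("<javax.imageio.ImageIO/>");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Logging the ForbiddenClassException (with the rejected type name and the requesting principal) at the API boundary gives a useful detection signal for attempts to feed unexpected types into config-upload endpoints.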
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1418736]