Jenkins Unauthenticated Remote Code Execution Via CLI

Description: It was recently reported that an unauthenticated user can execute code remotely on Jenkins via the CLI.

Affected versions: All

Recommended action: Disable the CLI for now. As this uses the same attack vector as SECURITY-218, you can reuse the script and instructions published in this repository: https://github.com/jenkinsci-cert/SECURITY-218

Origin URLs: https://jenkins.io/blog/2016/11/12/addressing-remote-vulnerabilities-in-cli/
