Jenkins allows Execution of Code by Opening a JRMP Listener · CVE-2016-0788 · GitHub Advisory Database · GitHub

Jenkins allows Execution of Code by Opening a JRMP Listener

Critical severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Mar 13, 2025

Package

org.jenkins-ci.main:jenkins-core (Maven)

Affected versions

>= 1.643, < 1.650

< 1.642.2

Patched versions

1.650

1.642.2

Description

The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.

References

Published by the National Vulnerability Database

Apr 7, 2016

Published to the GitHub Advisory Database May 14, 2022

Reviewed Mar 13, 2025

Last updated Mar 13, 2025

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H