This script is Copyright (C) 2016 Tenable Network Security, Inc.
Synopsis :
The remote web server is affected by a remote code execution
Description :
The Jenkins web server running on the remote host is affected by a
remote code execution vulnerability due to unsafe deserialization of
unauthenticated Java objects passed to the Groovy library, specifically the
runtime.MethodClosure class. An unauthenticated, remote attacker can
exploit this, via a crafted XML file, to execute arbitrary code on the
Note that the Jenkins web server may be affected by other
vulnerabilities as well; however, Nessus has not tested for these.
See also :
Solution :
Upgrade to Jenkins version 1.642.2 / 1.650 or later. Alternatively,
disable the CLI port per the vendor advisory.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true