The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.4%.
Deserialization
RCE
Jenkins
Java
Openshift Container Platform
NVD
Exploit-DB
CVSS 3.1
9.8
EPSS
90.4%
Threat
6.2