infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add CVE to module description

MS-2855/keylogger-mettle-extension
attackdebris 2017-11-07 11:05:14 -05:00
parent d770406049
commit 7173e7f4b4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
modules/exploits/multi/http/jenkins_xstream_deserialize.rb
View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Jenkins XStream Groovy classpath Deserialization Vulnerability',
'Description' => %q{
This module exploits a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions
This module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions
older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath,
which allows remote arbitrary code execution. The issue affects default installations. Authentication
is not required to exploit the vulnerability.