Critical severity 9.8 · NVD Advisory · Published Nov 25, 2015 · Updated Jun 17, 2026

CVE-2015-8103

Description

The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                          Affected versions    Patched versions
org.jenkins-ci.main:cli (Maven)  < 1.625.2            1.625.2
org.jenkins-ci.main:cli (Maven)  >= 1.626, < 1.638    1.638

Affected products

  • cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* (range: <1.638)
  • cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* (range: <1.625.2)
  • cpe:2.3:a:redhat:openshift_container_platform:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*
  • ghsa-coords (range: < 1.625.2)
