CVE-2016-0792 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-0792 Interim 1 3 2021-06-09T09:44:43Z current 2021-05-30T13:37:19Z 2021-06-09T09:44:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-0792 Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando. CVE-2016-0792 important 9 AV:N/AC:L/Au:S/C:C/I:C/A:C 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H