CVE-2016-9299: jenkins: Java deserialization flaw leads to RCE

Severity: Critical

CVSS Score: 9.8

The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.