Jenkins Stapler Web Framework Arbitrary Code Execution Vulnerability – 17th Dec 2018

Preface: Vulnerabilities are flaws in computer software that create weaknesses in the overall security of your computer or network.
Can you imagine what the actual situation is before a vulnerability is found?

Background information: Jenkins is the leading open-source automation server. Built with Java, it provides over 1000 plugins to support automation.

Vulnerability announcement on 17th Dec 2018:
The vulnerability is due to improper handling of HTTP requests by the stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java code of the Stapler web framework used by the affected software. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the targeted system. An exploit could allow the attacker to invoke certain methods that are not intended to be invoked, which the attacker could use to execute arbitrary code.
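To illustrate the class of flaw described above, the following is an added Java example, not code from Stapler or Jenkins; the `WebDispatchable` annotation, the `Job` class and its method names are hypothetical. It contrasts a convention-based router that reflectively invokes any public getter named by a URL segment with an allow-listed router that refuses methods not explicitly marked as web endpoints.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;

// Hypothetical marker annotation (assumption, not Stapler's own API): a method
// is reachable from a URL only when it is explicitly marked with it.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface WebDispatchable {}

public class DispatchDemo {
    // A routed object with one intended endpoint and one internal helper.
    public static class Job {
        @WebDispatchable
        public String getName() { return "build-pipeline"; }
        // Public and getter-named, but never meant to be a web endpoint.
        public String getSecretToken() { return "[constructed-placeholder-token]"; }
    }

    // Maps a URL segment such as "secretToken" to a getter name "getSecretToken".
    static String getterFor(String segment) {
        return "get" + Character.toUpperCase(segment.charAt(0)) + segment.substring(1);
    }

    // Convention-based dispatch: every public get<Segment>() becomes callable.
    static Object dispatchByConvention(Object target, String segment) throws Exception {
        Method m = target.getClass().getMethod(getterFor(segment));
        return m.invoke(target);
    }

    // Allow-list dispatch: same lookup, but unmarked methods are refused.
    static Object dispatchAllowListed(Object target, String segment) throws Exception {
        Method m = target.getClass().getMethod(getterFor(segment));
        if (!m.isAnnotationPresent(WebDispatchable.class)) {
            throw new SecurityException("method not dispatchable: " + m.getName());
        }
        return m.invoke(target);
    }

    public static void main(String[] args) throws Exception {
        Job job = new Job();
        System.out.println(dispatchByConvention(job, "name"));
        System.out.println(dispatchByConvention(job, "secretToken")); // internal helper exposed
        System.out.println(dispatchAllowListed(job, "name"));
        try {
            dispatchAllowListed(job, "secretToken");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The first router shows why a naming convention alone is not an authorization decision; the second shows the explicit opt-in model that removes the unintended reachability.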

Official announcement (Remedy): https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595