oss-sec mailing list archives

CSRF to RCE in Jenkins


From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 01 Sep 2015 14:51:18 +0200

Hello,

a CSRF to RCE exploit was published on Bugtraq last week. It affects
Jenkins >= 1.626, including the latest public version. No CVE is
affected (AFAIK) and an exploit should be added to the BeEF Project
soon.

Original post to Bugtraq:
http://seclists.org/bugtraq/2015/Aug/161

BeEF devs working on an exploit for 1.627:
https://twitter.com/bmantra/status/638680685084037120

Cheers,
Nicolas
