Jenkins LDAP Java Library Deserialization Vulnerability Remote Code Execution Exploit

An unauthenticated remote code execution vulnerability allows attackers to transfer a serialized Java object to the Jenkins CLI, which makes Jenkins connect to an attacker-controlled LDAP server. That server can in turn send a serialized payload that leads to code execution, bypassing existing protection mechanisms.
Exploit type: 
Platform: 
Vulnerability ID: CVE-2016-9299
Product Version: 2017_R1
Released Date: Wednesday, February 22, 2017 - 00:00