Jenkins XStream Java Library Deserialization Vulnerability Remote Code Execution Exploit Update

Jenkins is prone to a remotely exploitable vulnerability caused by deserialization of untrusted input, which allows attackers to instantiate arbitrary Java objects and leads to remote code execution. Several API endpoints allow low-privilege users to POST XML files that Jenkins then deserializes. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. This update adds support for HTTPS and IPv6. It also allows the application root path to be changed.
Exploit type: 
Vulnerability ID: 
Product Version: 
Released Date: Wednesday, April 13, 2016 - 00:00