An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. This can be exploited by malicious local attackers to gain SYSTEM privileges on Windows targets.
CVE Link
Product Name