The host is installed with Jenkins LTS before 1.642.2 or Jenkins rolling release before 1.650 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to properly handle multiple unspecified API endpoints. Successful exploitation could allow remote authenticated users to execute arbitrary code via serialized data in an XML file.