###Summary:
The target OwnCloud’s server is running an outdated version of Jenkins server which is vulnerable to various attacks.
Server Location: https://ci.owncloud.org
Vulnerable Software: Jenkins ver. 2.27
###Proof of Exploitability
CVE-2016-3727
POC URL: https://ci.owncloud.org/computer/(master)/api/xml
>Details:
> The API URL /computer/(master)/api/xml allowed users with the extended read permission for the master node to see some global Jenkins configuration, including the configuration of the security realm.
> Source: https://jenkins.io/security/advisory/2016-05-11/
Additionally, the current software version is also vulnerable to RCE.
>CVE-2017-2608
>XStream remote code execution vulnerability
>Affected Versions: < 2.43
> Source: https://jenkins.io/security/advisory/2017-02-01/
###Recommended Fix
Update Jenkins server to latest version 2.47