Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2017-1000353
HistoryApr 27, 2017 - 9:48 a.m.

CVE-2017-1000353

2017-04-2709:48:31
redhat.com
access.redhat.com
23

0.97 High

EPSS

Percentile

99.8%

JSON

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blacklist-based protection mechanism. We’re fixing this issue by adding SignedObject to the blacklist. We’re also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

Related

osv 2
cvelist 1
cve 1
prion 1
attackerkb 1
threatpost 2
ubuntucve 1
checkpoint_advisories 1
github 1
seebug 1
nvd 1
packetstorm 1
openvas 2
nessus 2
freebsd 1
rapid7blog 1
kitploit 1
impervablog 1
oracle 1
osv
osv
CVE-2017-1000353
2018-01-29 17:29:00
Deserialization of Untrusted Data in Jenkins
2022-05-13 01:01:03
cvelist
cvelist
CVE-2017-1000353
2018-01-29 17:00:00
cve
cve
CVE-2017-1000353
2018-01-29 17:29:00
prion
prion
Remote code execution
2018-01-29 17:29:00
attackerkb
attackerkb
CVE-2017-1000353
2018-01-29 00:00:00
threatpost
threatpost
New Cryptominer Distributes XMRig in Aggressive Attacks
2018-05-16 19:56:09
Active Campaign Exploits Critical Apache Struts 2 Flaw in the Wild
2018-09-05 17:48:03
ubuntucve
ubuntucve
CVE-2017-1000353
2018-01-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Jenkins CI Unauthenticated Remote Code Execution (CVE-2017-1000353)
2018-02-15 00:00:00
github
github
Deserialization of Untrusted Data in Jenkins
2022-05-13 01:01:03
seebug
seebug
Jenkins Java Deserialization Remote Code Execution Vulnerability (CVE-2017-1000353)
2017-04-28 00:00:00
nvd
nvd
CVE-2017-1000353
2018-01-29 17:29:00
packetstorm
packetstorm
Jenkins 2.56 CLI Deserialization / Code Execution
2020-09-22 00:00:00
openvas
openvas
Jenkins Multiple Vulnerabilities (Apr 2017) - Linux
2017-04-28 00:00:00
Jenkins Multiple Vulnerabilities (Apr 2017) - Windows
2017-04-28 00:00:00
nessus
nessus
FreeBSD : jenkins -- multiple vulnerabilities (631c4710-9be5-4a80-9310-eb2847fe24dd)
2017-04-27 00:00:00
Jenkins < 2.46.2 / 2.57 and Jenkins Enterprise < 1.625.24.1 / 1.651.24.1 / 2.7.24.0.1 / 2.46.2.1 Multiple Vulnerabilities
2017-05-04 00:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2017-04-26 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-up
2020-09-25 18:54:14
kitploit
kitploit
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

0.97 High

EPSS

Percentile

99.8%

JSON
Related for RH:CVE-2017-1000353
osv2cvelist1cve1prion1attackerkb1threatpost2ubuntucve1checkpoint_advisories1github1seebug1nvd1packetstorm1openvas2nessus2freebsd1rapid7blog1kitploit1impervablog1oracle1