THREATOPS
THREAT OPSCVEs › CVE-2017-1000353

CVE-2017-1000353 — Jenkins Remote Code Execution Vulnerability

CISA KEVExploited: confirmedJenkins

Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.

Vulnerability details