# N/A
## Vulnerability Overview
Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, contain an unauthenticated remote code execution vulnerability. An attacker can bypass the existing blacklist-based protection mechanism by transmitting a serialized Java `SignedObject` object, which is then deserialized by the Jenkins CLI.
## Affected Versions
- Jenkins 2.56 and earlier
- Jenkins 2.46.1 LTS and earlier
## Vulnerability Details
- An unauthenticated attacker can pass a serialized Java `SignedObject` object to the Jenkins CLI.
- The object is deserialized using a new `ObjectInputStream`, which bypasses the existing blacklist-based protection mechanism.
- The fix adds `SignedObject` to the blacklist.
- The new HTTP CLI protocol from Jenkins 2.54 is backported to LTS 2.46.2, and the remoting-based (i.e. Java serialization) CLI protocol is deprecated and disabled by default.
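The details above describe a blacklist-based defence: the Jenkins fix works by refusing to deserialize `java.security.SignedObject`. The following Python script is an added example (not code from Jenkins or from this page) showing how a defender can triage a captured Java serialization stream, such as remoting-based CLI traffic, for class descriptors on that blacklist. It is a heuristic scanner of `TC_CLASSDESC` records, not a full Java serialization parser, and the two sample streams are constructed inline for illustration.

```python
"""Heuristic scan of a Java serialization stream for blacklisted class names.

Added example, not Jenkins code. The BLACKLIST set holds the class the
advisory names; an operator would extend it with their own entries.
"""
import string
from typing import List

STREAM_MAGIC = b"\xac\xed"      # Java serialization stream magic
STREAM_VERSION = b"\x00\x05"    # stream version 5
TC_OBJECT = 0x73                # tag: start of an object
TC_CLASSDESC = 0x72             # tag: class descriptor, followed by a UTF name

# Class blacklisted by the fix described in the advisory.
BLACKLIST = {"java.security.SignedObject"}


def _looks_like_class_name(raw: bytes) -> bool:
    """Accept ASCII text made of Java identifier/array-descriptor characters."""
    allowed = set(string.ascii_letters + string.digits + "._$[;")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    return all(c in allowed for c in text) and ("." in text or text.startswith("["))


def parse_class_names(stream: bytes) -> List[str]:
    """Return class names found in TC_CLASSDESC records, in stream order.

    Heuristic: a 0x72 tag followed by a 2-byte big-endian length and a
    printable class name. Good enough for triage, not a faithful parser.
    """
    if not stream.startswith(STREAM_MAGIC + STREAM_VERSION):
        raise ValueError("not a Java serialization stream (bad magic/version)")
    names: List[str] = []
    i = len(STREAM_MAGIC) + len(STREAM_VERSION)
    while i < len(stream) - 3:
        if stream[i] == TC_CLASSDESC:
            length = int.from_bytes(stream[i + 1:i + 3], "big")
            candidate = stream[i + 3:i + 3 + length]
            if 0 < length < 256 and len(candidate) == length and _looks_like_class_name(candidate):
                names.append(candidate.decode("ascii"))
                i += 3 + length   # skip past the name so its bytes are not rescanned
                continue
        i += 1
    return names


def find_blacklisted(stream: bytes) -> List[str]:
    """Return the blacklisted class names present in the stream (empty if none)."""
    return [name for name in parse_class_names(stream) if name in BLACKLIST]


def _class_desc(name: str) -> bytes:
    """Build a minimal TC_CLASSDESC record: tag, length-prefixed name, 8-byte serialVersionUID (constructed, zeroed)."""
    encoded = name.encode("ascii")
    return bytes([TC_CLASSDESC]) + len(encoded).to_bytes(2, "big") + encoded + b"\x00" * 8


# Constructed sample streams (header + one object whose class descriptor is the only content).
BENIGN_STREAM = STREAM_MAGIC + STREAM_VERSION + bytes([TC_OBJECT]) + _class_desc("java.util.ArrayList") + b"\x00"
SUSPECT_STREAM = STREAM_MAGIC + STREAM_VERSION + bytes([TC_OBJECT]) + _class_desc("java.security.SignedObject") + b"\x00"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_STREAM), ("suspect", SUSPECT_STREAM)):
        print(f"{label}: classes={parse_class_names(sample)} blacklisted={find_blacklisted(sample)}")
```

Because the scanner only reads class descriptor names, it is suitable for passive inspection of recorded traffic or for a gateway check in front of a legacy remoting endpoint; it never instantiates anything from the stream. A blacklist check of this kind has the same limitation the advisory illustrates (a class missing from the list is not caught), which is why the more robust remediation on this page is disabling the serialization-based CLI protocol altogether.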
## Impact
- The unauthenticated remote code execution vulnerability allows an attacker to execute arbitrary code on the target system.
- It can lead to complete takeover of the system and poses a serious threat to system security.
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | jenkins CVE-2017-1000353 POC | https://github.com/vulhub/CVE-2017-1000353 | POC details |
| 2 | None | https://github.com/r00t4dm/Jenkins-CVE-2017-1000353 | POC details |
| 3 | Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default. | https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2017/CVE-2017-1000353.yaml | POC details |
| 4 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Jenkins-CI%20%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-1000353.md | POC details |
| 5 | None | https://github.com/vulhub/vulhub/blob/master/jenkins/CVE-2017-1000353/README.md | POC details |
| 6 | TeddWiki conduction bundled with TiddlyMap in a Docker container | https://github.com/Jelc0Doesbruf/CVE-2017-1000353 | POC details |
No comments yet