added metadata

projectdiscovery · Nov 12, 2024 · bb599a2 · bb599a2
1 parent 0b117c1
commit bb599a2
Showing 1 changed file with 25 additions and 4 deletions.
diff --git a/http/cves/2017/CVE-2017-1000353.yaml b/http/cves/2017/CVE-2017-1000353.yaml
@@ -1,11 +1,33 @@
 id: CVE-2017-1000353
 
 info:
-  name: Jenkins Unauthenticated Remote Code Execution
+  name: Jenkins CLI - Java Deserialization
   author: hnd3884
-  severity: Critical
+  severity: critical
   description: |
-    Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to an unauthenticated remote code execution. The vulnerability arises from attackers being able to transfer a serialized Java SignedObject object to the Jenkins CLI, which is then deserialized using a new ObjectInputStream. This deserialization bypasses the existing blacklist-based protection mechanism.
+    Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
+  reference:
+    - http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html
+    - https://www.exploit-db.com/exploits/41965/
+    - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2017-1000353
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2017-1000353
+    cwe-id: CWE-502
+    epss-score: 0.97201
+    epss-percentile: 0.99862
+    cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*
+  metadata:
+    vendor: jenkins
+    product: jenkins
+    shodan-query:
+      - cpe:"cpe:2.3:a:jenkins:jenkins"
+      - http.favicon.hash:"81586312"
+      - product:"jenkins"
+      - x-jenkins
+    fofa-query: icon_hash=81586312
+  tags: cve,cve2017,jenkins,rce
 
 variables:
   OAST: "{{interactsh-url}}"
@@ -82,4 +104,3 @@ code:
         dsl:
           - 'contains(interactsh_protocol, "dns")'
         condition: and
-# digest: 4a0a0047304502203c5c6db23c3a60c31ee1a45fec997ebe91b0f965532d3c084e85671dd0025d88022100c9af8649d847d1cd74649da34d7afbd8c0d19b14a313c5a3c76f4bebb42e4f7e:76a15c34e1883a81d3a95424e8103c78