admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2017-1000353

Browse Source
This commit is contained in:
tardc 2020-04-23 10:57:51 +08:00
parent d15ede94b8
commit 9a4ef56505
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Jenkins/CVE-2017-1000353/README.md Normal file
View File

@ -0,0 +1,10 @@
# CVE-2018-1000353 Jenkins Remote Code Execution Vulnerability
An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blacklist-based protection mechanism.
**[FOFA](https://fofa.so/result?qbase64=YXBwPSJKZW5raW5zIg%3D%3D) query rule**: app="Jenkins"
# Demo
![](jenkins_CVE-2018-1000353.gif)

BIN
Jenkins/CVE-2017-1000353/jenkins_CVE-2018-1000353.gif Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB