Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2017-1000353 - Jenkins Unauthenticated Remote Code Execution #11185

Closed
1 task done
princechaddha opened this issue Nov 11, 2024 · 8 comments · Fixed by #11191
Closed
1 task done

CVE-2017-1000353 - Jenkins Unauthenticated Remote Code Execution #11185

princechaddha opened this issue Nov 11, 2024 · 8 comments · Fixed by #11191
Assignees
Labels
💎 Bounty 💰 Rewarded template-requests Request for new Nuclei templates to be created

Comments

@princechaddha
Copy link
Member

Is there an existing template for this?

  • I have searched the existing templates.

Template requests

Description:

Jenkins versions 2.56 and earlier, as well as 2.46.1 LTS and earlier, are vulnerable to an unauthenticated remote code execution. The vulnerability arises from attackers being able to transfer a serialized Java SignedObject object to the Jenkins CLI, which is then deserialized using a new ObjectInputStream. This deserialization bypasses the existing blacklist-based protection mechanism. To address this, SignedObject has been added to the blacklist. Further, the new HTTP CLI protocol from Jenkins 2.54 has been backported to LTS 2.46.2, and the remoting-based (Java serialization) CLI protocol has been deprecated and disabled by default.

Severity:
Critical (CVSS: 9.8, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

EPSS:

  • Score: 0.97201
  • Percentile: 0.99862

PoCs:

Weaknesses:

  • CWE-502: Deserialization of Untrusted Data

Vulnerable CPE:

  • cpe:2.3:a:jenkins:jenkins::::::::
  • cpe:2.3:a:jenkins:jenkins:::::lts:::*
  • cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*

OSS:

  • No OSS information available

Anything else?

No response

@princechaddha princechaddha added the template-requests Request for new Nuclei templates to be created label Nov 11, 2024
@princechaddha
Copy link
Member Author

/bounty $50

Copy link

algora-pbc bot commented Nov 11, 2024

## 💎 $50 bounty • ProjectDiscovery Bounty Available for CVE Template Contribution

### Steps to Contribute:
- Claim attempt: Comment /attempt #11185 on this issue to claim attempt.
- Write the Template: Create a high-quality Nuclei template for the specified CVE, following our Contribution Guidelines and Acceptance Criteria.
- Submit the Template: Open a pull request (PR) to projectdiscovery/nuclei-templates and include /claim #11185 in the PR body to claim the bounty.
- Receive Payment: Upon successful merge of your PR, you will receive 100% of the bounty through Algora.io within 2-5 days. Ensure you are eligible for payouts.

Thank you for contributing to projectdiscovery/nuclei-templates and helping us democratize security!

> Acceptance Criteria: The template must include a complete POC and should not rely solely on version-based detection. Contributors are required to provide debug data(-debug) along with the template to help the triage team with validation. Rewards will only be given once the template is fully validated by the team. Templates that are incomplete or invalid will not be accepted. Avoid adding code templates for CVEs that can be achieved using HTTP, TCP, or JavaScript. Such templates are blocked by default and won’t produce results, so we prioritize creating templates with other protocols unless exceptions are made.
You can check the FAQ for the Nuclei Templates Community Rewards Program here.

Add a bountyShare on socials

Attempt Started (GMT+0) Solution
🔴 @aybanda Nov 11, 2024, 2:52:31 PM WIP
🟢 @hnd3884 Nov 11, 2024, 8:06:32 PM #11191

@aybanda
Copy link

aybanda commented Nov 11, 2024

/attempt #11185

Algora profile Completed bounties Tech Active attempts Options
@aybanda 1 bounty from 1 project
Cancel attempt

@hnd3884
Copy link
Contributor

hnd3884 commented Nov 11, 2024

/attempt #11185

Algora profile Completed bounties Tech Active attempts Options
@hnd3884 1 projectdiscovery bounty
Java, PHP,
Kotlin & more
Cancel attempt

Copy link

algora-pbc bot commented Nov 11, 2024

Note

The user @aybanda is already attempting to complete issue #11185 and claim the bounty. We recommend checking in on @aybanda's progress, and potentially collaborating, before starting a new solution.

Copy link

algora-pbc bot commented Nov 11, 2024

💡 @hnd3884 submitted a pull request that claims the bounty. You can visit your bounty board to reward.

Copy link

algora-pbc bot commented Nov 15, 2024

@aybanda: Reminder that in 4 days the bounty will become up for grabs, so please submit a pull request before then 🙏

Copy link

algora-pbc bot commented Dec 11, 2024

🎉🎈 @hnd3884 has been awarded $50! 🎈🎊

@ehsandeep ehsandeep linked a pull request Dec 26, 2024 that will close this issue
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
💎 Bounty 💰 Rewarded template-requests Request for new Nuclei templates to be created
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants