CVE-2017-1000353—Jenkins Remote Code Execution Vulnerability
PUBLISHEDvulnerability record
2025-10-02 · last modified October 2, 2025
Metadata
漏洞名称
Jenkins Remote Code Execution Vulnerability
描述
Jenkins contains a remote code execution vulnerability. This vulnerability that could allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism.
已知用于勒索软件活动吗?
采集行动
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.