CVE Alert: CVE-2017-1000353

CVE-2017-1000353

Severity: Unknown | CISA KEV | Exploitation active

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We’re fixing this issue by adding `SignedObject` to the blacklist. We’re also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.

CVSS v3.1: not provided
Vendor: n/a
Product: n/a
Versions: n/a
CWE: n/a
Vector: n/a
Published: 2018-01-29T17:00:00.000Z
Updated: 2025-10-02T16:20:24.026Z

AI Summary Analysis

Risk verdict

High risk: active exploitation state is reported and the KEV entry confirms known exploitation activity; treat as priority 1.

Why this matters

Unauthenticated remote code execution on a continuous integration server can allow attackers to take control of build pipelines, inject malicious code, exfiltrate credentials, and pivot into connected systems. Organisations relying on automated CI/CD may suffer rapid, widespread impact across development, testing, and production environments.

Most likely attack path

A remote, unauthenticated attacker could deliver a crafted serialized Java SignedObject to the Jenkins CLI, exploiting deserialization to achieve full code execution over the network. No user interaction or privileges are required, making initial compromise straightforward against exposed instances. Once code execution is gained, adversaries may establish persistence, deploy malicious builds, or access credentials stored on the server, enabling lateral movement within trusted network segments.

Who is most exposed

Jenkins servers exposed in development/CI pipelines, whether on-premises or cloud-hosted, with open CLI access or inadequate network controls. Environments running older LTS or unpatched instances are particularly at risk.

Detection ideas

  • Unexpected ObjectInputStream deserialization errors in Jenkins logs.
  • Anomalous CLI traffic from external sources, especially serialized payload patterns.
  • Alerts for Known Exploit/Deserialization indicators (SignedObject-related signatures).
  • Unusual spikes in CPU/memory on Jenkins hosts following remote connection attempts.
  • Signatures or indicators from Exploit-DB or vendor advisories.
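The first three detection ideas above can be turned into a small log triage script. The following is an added example written for this alert, not code from the page or from the Jenkins project: the log lines in SAMPLE_LOG are constructed to resemble Jenkins output (the exact rejection message of the post-fix blacklist is assumed), and TRUSTED_NETS is an assumed CI network range to be adjusted per site. It grades each line by the indicators the advisory names: the `java.security.SignedObject` class itself, deserialization failures on the CLI handling path, and CLI connections from outside the trusted range.

```python
"""Triage helper for Jenkins logs around CVE-2017-1000353.

Added example for this alert page; not code from the page or the Jenkins project.
SAMPLE_LOG is constructed to resemble Jenkins output, and TRUSTED_NETS is an
assumed CI client network (placeholder), not a real deployment value.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Indicators drawn from the advisory text: the payload is a serialized
# java.security.SignedObject handed to the remoting-based CLI and read by a
# fresh ObjectInputStream; fixed versions reject the class via the blacklist.
INDICATORS = {
    "signedobject": re.compile(r"java\.security\.SignedObject"),
    "deser_error": re.compile(
        r"java\.io\.(ObjectInputStream|InvalidClassException|StreamCorruptedException)"
    ),
    "cli": re.compile(r"hudson\.cli\.|CliProtocol|CLI-connection|\bCLI\b"),
}
# Peer address as it appears in the constructed connection lines ("from /IP:port").
PEER_RE = re.compile(r"from /?(\d{1,3}(?:\.\d{1,3}){3})")

# Assumed trusted network for CLI clients (placeholder; adjust per site).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Finding:
    line_no: int
    severity: str
    indicators: list = field(default_factory=list)
    peer: str = ""


def external_peer(line):
    """Return the peer IP if the line records a connection from outside TRUSTED_NETS."""
    m = PEER_RE.search(line)
    if not m:
        return ""
    ip = ipaddress.ip_address(m.group(1))
    return "" if any(ip in net for net in TRUSTED_NETS) else str(ip)


def classify(line):
    """Map one log line to (severity, indicators, peer), or None if uninteresting."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(line)]
    peer = external_peer(line) if "cli" in hits else ""
    if "signedobject" in hits:
        severity = "high"    # the exact gadget class named in the advisory
    elif "deser_error" in hits and "cli" in hits:
        severity = "medium"  # deserialization failure on the CLI handling path
    elif "deser_error" in hits or peer:
        severity = "low"     # generic deserialization noise, or an external CLI client
    else:
        return None
    return severity, hits, peer


def scan(lines):
    """Return one Finding per log line that carries at least one indicator."""
    return [Finding(n, *r) for n, line in enumerate(lines, 1) if (r := classify(line))]


SAMPLE_LOG = [  # constructed lines, not real Jenkins output
    "2017-04-27 10:01:12 INFO hudson.WebAppMain#contextInitialized: Jenkins is fully up and running",
    "2017-04-27 10:05:33 INFO hudson.TcpSlaveAgentListener#run: Accepted CLI-connection #3 from /203.0.113.5:51234",
    "2017-04-27 10:05:33 WARNING hudson.cli.CliProtocol2#handle: java.lang.SecurityException: Rejected: java.security.SignedObject",
    "2017-04-27 10:05:34 SEVERE hudson.cli.CliProtocol2#handle: java.io.InvalidClassException: filter status: REJECTED",
    "2017-04-27 10:06:01 WARNING hudson.model.Run#execute: java.io.StreamCorruptedException: invalid stream header: 48656C6C",
    "2017-04-27 10:07:45 INFO hudson.TcpSlaveAgentListener#run: Accepted CLI-connection #4 from /10.0.5.7:40112",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity:6} {','.join(f.indicators)} {f.peer}")
```

A CLI connection from inside TRUSTED_NETS with no deserialization error produces no finding, so the script stays quiet for normal use of the CLI; an external client alone is only graded low, and the combination of a CLI-path deserialization failure and a SignedObject rejection is what should page someone.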

Mitigation and prioritisation

  • Patch to fixed versions or apply vendor-recommended updates; disable legacy remoting CLI by default and enable the secure HTTP CLI.
  • Restrict CLI access to trusted networks; enforce authentication, VPN or mTLS.
  • Disable Java deserialization in CI workflows where feasible; enforce strict input validation.
  • Implement network segmentation and least-privilege service accounts for Jenkins agents.
  • Schedule immediate testing in a staging environment; maintain change-control logs; treat as priority 1 due to KEV and exploitation activity.
