{"vulnerability": "CVE-2017-1000353", "sightings": [{"uuid": "a15273b8-a33f-42d4-98c0-4d9143ecd338", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "MISP/391efb23-afc4-441e-aa2d-f059fa1fb60b", "content": "", "creation_timestamp": "2020-10-09T16:23:16.000000Z"}, {"uuid": "addaa6bf-b9c6-4f46-94d1-01f76bdd5555", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "MISP/830935ed-e522-4e00-9ce7-61f03acd871e", "content": "", "creation_timestamp": "2020-10-09T16:14:59.000000Z"}, {"uuid": "6a0c7138-8a7f-4e65-82e7-2377c68c09a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/4846806", "content": "", "creation_timestamp": "2025-10-02T16:29:14.121869Z"}, {"uuid": "03c0f1ee-5741-4de8-ba61-c916b0d55787", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://t.me/arpsyndicate/1562", "content": "#ExploitObserverAlert\n\nCVE-2017-1000353\n\nDESCRIPTION: Exploit Observer has 44 entries related to CVE-2017-1000353. Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.\n\nFIRST-EPSS: 0.972780000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-08T12:44:07.000000Z"}, {"uuid": "ae422e87-eb1e-4048-adc1-33cdf0377eee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3m2ad5y2iv22m", "content": "", "creation_timestamp": "2025-10-02T19:49:19.308297Z"}, {"uuid": "e1de698b-e18f-41a5-890f-872c09a4e0f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2cxppny5h2a", "content": "", "creation_timestamp": "2025-10-03T21:02:30.084093Z"}, {"uuid": "04163f2a-a3fd-4e40-8b9c-7ab8faf0c57c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/jenkins_cli_deserialization.rb", "content": "", "creation_timestamp": "2020-09-22T10:43:28.000000Z"}, {"uuid": "83dd094d-5a37-49c4-bae4-58aed646740a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2017-1000353", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7f1d1b0e-6361-49fc-b7d6-9013c9f7856f", "content": "", "creation_timestamp": "2026-02-02T12:25:51.617907Z"}, {"uuid": "a6b9d8a5-01de-4c2f-b157-2b06a61b4a50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "published-proof-of-concept", "source": "Telegram/BAsNzJZdhJW2MG9rbCjXN74mbWFjGBfSvbUTeOUySb5QZrU", "content": "", "creation_timestamp": "2025-10-20T21:00:07.000000Z"}, {"uuid": "5f661ec4-d234-47ad-803d-42ad3cea304d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3m27wi4ryjr2u", "content": "", "creation_timestamp": "2025-10-02T16:02:21.591184Z"}, {"uuid": "ac52ba92-53ab-427e-ad91-2b32ecce2761", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/115305430602725579", "content": "", "creation_timestamp": "2025-10-02T16:07:24.317831Z"}, {"uuid": "cd44e503-d54a-4b0c-8954-57a5cba7069b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-10-02T18:10:02.000000Z"}, {"uuid": "55734d65-30d6-4413-80f5-ed5f72336692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-10-03T04:32:31.000000Z"}, {"uuid": "199c8995-451a-4cfd-a586-3c1106eb1b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2017-1000353", "type": "published-proof-of-concept", "source": "https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/detectors/rce/cve20171000353", "content": "", "creation_timestamp": "2021-02-05T21:43:47.000000Z"}]}