Immunity Canvas: JENKINS_XSTREAM_RCE

2018-01-05T09:29:09
ID JENKINS_XSTREAM_RCE
Type canvas
Reporter Immunity Canvas
Modified 2018-01-05T09:29:09

Description

Name| jenkins_xstream_rce
---|---
CVE| CVE-2017-2608
Exploit Pack| CANVAS
Description| jenkins_xstream_rce
Notes| CVE Name: CVE-2017-2608 (Jenkins SECURITY-383)
VENDOR: Jenkins
NOTES:
XStream-based APIs in Jenkins CI prior to version 2.44 (and LTS prior to 2.32.2) are vulnerable to remote code
execution through the deserialization of various types from the javax.imageio package.

Authentication is required to reach the vulnerable endpoints, but a normal (non-admin) user can reach them
unless the Role Strategy plugin is installed and restricts access; that plugin is not installed by default.

Tested versions:
> Ubuntu Linux 16.04 LTS - 64bit
- Jenkins 2.43 on Tomcat 8.0.30 with Java SE 8 / 7
- Jenkins 1.634, 2.0 & 2.43 on Tomcat 8.5.16 with Java SE 8 / 7
> Ubuntu Linux 14.04 - 32bit
- Jenkins 1.598 with Sun JRE v1.7.0_21
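Two checks a practitioner would want alongside this entry, as an added example (not Immunity Canvas or Jenkins code): a version test that applies the weekly/LTS fix boundaries stated above (2.44 and 2.32.2) to the value of the X-Jenkins response header, and a scanner that flags javax.imageio types in an XStream-style config.xml body before Jenkins deserializes it. The sample XML is constructed for the demo, and its javax.imageio.* element names are placeholders, not the real gadget types from the referenced XStream2Security383Test config.

```python
"""Version and payload checks for Jenkins SECURITY-383 (CVE-2017-2608).

Added example, not Immunity Canvas or Jenkins code. Assumptions:
- the Jenkins version is taken from the X-Jenkins response header
  (e.g. "2.43" for weekly, "2.32.1" for LTS);
- an XStream payload is a job config.xml as submitted to Jenkins.
The sample document below is constructed; its javax.imageio.* names
are placeholders, not the gadget classes from the referenced test case.
"""
import re
import xml.etree.ElementTree as ET

FIXED_WEEKLY = (2, 44)      # first weekly release with the fix
FIXED_LTS = (2, 32, 2)      # first LTS release with the fix
IMAGEIO_PREFIX = "javax.imageio"


def parse_version(header):
    """Turn an X-Jenkins header value into an int tuple, dropping suffixes such as '-SNAPSHOT'."""
    m = re.match(r"^(\d+(?:\.\d+)*)", header.strip())
    if not m:
        raise ValueError("not a Jenkins version: %r" % header)
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(header):
    """True if the version predates the fix on its release line.

    Three-component versions are LTS (fixed in 2.32.2; every older LTS line,
    including 1.x ones such as 1.651.3, is affected). Two-component versions
    are weekly releases, fixed in 2.44; all 1.x weeklies are affected.
    """
    v = parse_version(header)
    if len(v) >= 3:
        return v[:3] < FIXED_LTS
    return v[:2] < FIXED_WEEKLY


def find_imageio_types(xml_text):
    """Return element tags and class= attributes that name a javax.imageio type.

    XStream maps Java class names onto element names (and onto class=
    attributes for polymorphic fields), so both are checked in document order.
    """
    hits = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        for name in (el.tag, el.get("class", "")):
            if name.startswith(IMAGEIO_PREFIX):
                hits.append(name)
    return hits


# Constructed sample: shape of a job config.xml with placeholder imageio types.
SAMPLE_CONFIG_XML = """<project>
  <description>constructed sample, not a working payload</description>
  <properties>
    <javax.imageio.PlaceholderType>
      <inner class="javax.imageio.PlaceholderInner"/>
    </javax.imageio.PlaceholderType>
  </properties>
</project>
"""

if __name__ == "__main__":
    for ver in ("1.598", "2.43", "2.32.1", "2.44", "2.32.2"):
        print(ver, "vulnerable" if is_vulnerable(ver) else "fixed")
    print("imageio types in sample:", find_imageio_types(SAMPLE_CONFIG_XML))
```

The version check deliberately keys on the number of components rather than on an LTS flag, because that is the only distinction the X-Jenkins header gives you; a reverse proxy that strips the header leaves you with no remote version signal and the payload scanner becomes the only pre-deserialization control.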

Repeatability: Infinite
References:
- https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2017-02-01
- https://github.com/jenkinsci/jenkins/blob/b4095bc4b6c62023a2029e5e2faef8ad0e3a4252/test/src/test/java/hudson/util/XStream2Security383Test.java
- https://github.com/jenkinsci/jenkins/blob/b4095bc4b6c62023a2029e5e2faef8ad0e3a4252/test/src/test/resources/hudson/util/XStream2Security383Test/config.xml
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2608