• Thousands of Jenkins instances exposed following attack

    From TechnologyDaily@1337:1/100 to All on Wed Jan 31 15:45:05 2024
    Thousands of Jenkins instances exposed following attack

    Date:
    Wed, 31 Jan 2024 15:34:31 +0000

    Description:
    A critical vulnerability was found in Jenkins, allowing for RCE against tens of thousands of instances.

    FULL STORY ======================================================================

    Tens of thousands of Jenkins servers are vulnerable to a high-severity bug that allows threat actors to run malicious code on the endpoints remotely.

    The project recently released two patches addressing the vulnerability, and is urging users to apply them immediately to avoid unnecessary risk.

    Jenkins is an open source automation server for CI/CD, with which developers can build, test, and deploy various processes.

    No evidence of abuse (yet)

    Last week, the project released versions 2.442 and LTS 2.426.3, which address an arbitrary file read vulnerability tracked as CVE-2024-23897. This vulnerability, BleepingComputer reports, already has multiple proof-of-concept (PoC) exploits in the wild. As per the advisory released with the patches, the problem is in the command-line interface, which automatically replaces the @ character followed by a file path with the contents of that file. This feature, the advisory adds, is turned on by default.
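    The fixed releases named above (weekly 2.442 and LTS 2.426.3) are the only hard numbers an administrator has for triage. The script below is an added example, not code from TechRadar, BleepingComputer or the Jenkins project: it classifies a list of Jenkins version strings as patched, vulnerable or unknown against those two numbers. It assumes the Jenkins convention that a two-component version (2.442) is a weekly release and a three-component version (2.426.3) is an LTS release, that every later release in each line keeps the fix, and that the version strings were collected from the X-Jenkins response header each instance sends; the sample inventory is constructed for the example.

```python
"""Triage Jenkins version strings against the fixes for CVE-2024-23897.

Hypothetical helper written for this article, not Jenkins project code.
Fixed versions as reported in the article: weekly 2.442 and LTS 2.426.3.
"""
from __future__ import annotations

import re
from typing import Optional

# Fixed releases named in the article. Assumption: any later release in the
# same line (weekly or LTS) keeps the fix.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text: str) -> Optional[tuple[int, ...]]:
    """Parse '2.442' or '2.426.3' into a tuple of ints; None if malformed."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def release_line(version: tuple[int, ...]) -> str:
    """Assumed Jenkins convention: three components is LTS, two is weekly."""
    return "lts" if len(version) == 3 else "weekly"


def is_patched(text: str) -> Optional[bool]:
    """True if the version carries the fix, False if it does not, None if unparseable.

    Weekly and LTS numbers are never compared with each other: a weekly 2.441
    is checked against 2.442, an LTS 2.426.2 against 2.426.3.
    """
    v = parse_version(text)
    if v is None:
        return None
    if release_line(v) == "lts":
        return v >= FIXED_LTS
    return v >= FIXED_WEEKLY


def triage(versions: list[str]) -> dict[str, list[str]]:
    """Group version strings (e.g. harvested from X-Jenkins headers) by status."""
    buckets: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for text in versions:
        status = is_patched(text)
        key = "unknown" if status is None else ("patched" if status else "vulnerable")
        buckets[key].append(text)
    return buckets


# Constructed sample inventory, shaped like the values an inventory script
# would read from the X-Jenkins response header of each instance.
SAMPLE_INVENTORY = ["2.426.2", "2.426.3", "2.441", "2.442", "2.440.1", "2.387.3", "dev-build"]

if __name__ == "__main__":
    for status, items in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {items}")
```

    Anything landing in the "unknown" bucket (a build with a non-standard version string) should be checked by hand rather than assumed safe; the point of the script is to turn a raw inventory into a short list of hosts that still need the patch.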

    Hackers can abuse it for a number of things, from accessing sensitive information such as secrets, to running malicious code on vulnerable endpoints. They could also delete files from Jenkins servers and download
    Java heap dumps.

    As per a Shadowserver scan, there are roughly 45,000 unpatched Jenkins servers that could be potential targets. The majority of these endpoints are located in China (12,000), followed by the United States (11,830), Germany (3,060), India (2,681), France (1,431), and the UK (1,029). Researchers are saying that there are multiple PoCs already circulating on the internet, but it's unclear if any threat actors have picked up on them or tried to use them in any of their campaigns.

    BleepingComputer says that some Jenkins honeypots did observe activities resembling genuine exploitation attempts, although the evidence seems to be inconclusive.

    Given the severity of the flaw, IT admins are advised to apply the patch as soon as possible. Those that are unable to do so should reach out to the Jenkins project for recommendations and workarounds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-jenkins-instances-exposed-following-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)