Cybersecurity and Infrastructure Security Agency (CISA) issues alert about ongoing exploitation focusing on prevalent continuous integration and continuous delivery (CI/CD) utility Jenkins

Cybersecurity and Infrastructure Security Agency (CISA) issues alert about ongoing exploitation focusing on prevalent continuous integration and continuous delivery (CI/CD) utility Jenkins

In late July, a ransomware attack on Brontoo Technology Solutions disrupted banks in India, exploiting the Jenkins vulnerability, CVE-2024-23897. This critical flaw, with a CVSS rating of 9.8, affects Jenkins versions 2.441 and earlier, including LTS 2.426.

The vulnerability allows attackers to read arbitrary files via the command line interface, escalating to potential remote code execution. Since early 2024, multiple public sources and scanning efforts have tagged vulnerable Jenkins instances online, but exact global counts of exposed systems are not provided explicitly in the recent reports. Given Jenkins' widespread use in CI/CD pipelines, it is reasonable to infer a significant number of potentially exposed instances remain if not updated or otherwise mitigated.

To mitigate this risk, it is recommended to update Jenkins to the latest patched version, at least above 2.441 or the corresponding patched LTS release. Additionally, restricting CLI access to trusted administrators and tightening network access controls can help prevent unauthorized exploitation. Monitoring Jenkins logs and network traffic for suspicious commands or file access attempts is also advised.

CISA has added CVE-2024-23897 to its known exploited vulnerabilities catalog, identifying this type of vulnerability in unpatched Jenkins servers as a frequent attack vector for malicious attackers. The vulnerability can potentially lead to the leakage of sensitive files and data.

The exploitation of the Jenkins vulnerability can enable a ransomware attack, as demonstrated by the incident at Brontoo Technology Solutions. Scans from the threat tracking service showed nearly 50,000 unpatched Jenkins instances in January when the CVE was first disclosed, while Shadowserver tracked more than 31,000 Jenkins instances potentially exposed to the vulnerability on Monday.

Jenkins, a widely used open source tool with a 45% share of the CI/CD market, holds a significant position in the industry. Managed by the Linux Foundation's Continuous Delivery Foundation, Jenkins is used by more than 11 million developers for nearly 49 million workloads globally. The vulnerability exists due to the command parser's built-in feature not being disabled by default.

Jenkins issued a patch and workaround for the CVE on January 24. Despite this, the number of unpatched instances remains concerning. Proactive patching is strongly advised due to the critical nature of the flaw and the potential for remote code execution.

In summary, CVE-2024-23897 remains a significant threat to Jenkins instances on older versions, with mitigation focused on upgrading Jenkins and limiting CLI access. Precise figures on the number of currently vulnerable Jenkins systems are not explicitly quantified in the latest public threat intelligence. However, the risk is clear, and vigilance is essential to protect against this critical vulnerability.

Read also:

• New study reveals that Language Models can execute complex assaults independent of human intervention
• Gadgets and Tech Essentials to Outshine Your Studies in the Upcoming Academic Term
• A separate cable linking to an RTX 50-Series GPU could potentially not be attributed to Nvidia for the issue.
• Today's top computer savings: Grab the new iPad M3 for $100 less, or snag a RTX 5080 gaming PC with a $400 discount and a complimentary gaming monitor included.