It was previously reported that Jenkins was discovered with a new critical vulnerability, which was associated with unauthenticated arbitrary file reads that can be utilized by threat actors to read sensitive files on the server. The CVE was mentioned as CVE-2024-23897, and the severity is yet to be categorized.
There were also reports mentioning a massive scan of Jenkins servers over the internet, according to a security researcher. However, currently, it has been reported that there are more than 45,000 publicly available Jenkins instances online.
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
Around 45K exposed Jenkins instances vulnerable to CVE-2024-23897 (Arbitrary file read vulnerability through the CLI can lead to RCE). If you run Jenkins & receive an alert from us make sure to read Jenkins advisory: https://t.co/aPPOHT1WXx
— Shadowserver (@Shadowserver) January 29, 2024
World map: https://t.co/GNVwKGM1R9 pic.twitter.com/Zb9Do5BOi8
Publicly Exposed Jenkins Servers
According to the reports shared with Cyber Security News, Jenkins has a total market share of 43%, which is a massively higher quadrant number than other CI/CD software. This makes Jenkins one of the most used open-source CI/CD servers across organizations.
Moreover, the vulnerability CVE-2023-23897 does not require any authentication on vulnerable instances. Though there is a specific criterion for exploiting the vulnerable instances, it is still deemed as a critical vulnerability due to the ease of exploitation.
For a security researcher or threat actor to find if a specific Jenkins instance is vulnerable, they do not require any kind of special skills. A simple cURL command with only the IP address and port number of the server is more than enough to confirm if an instance is vulnerable.
45000 Servers exposed
Shadowserver reported that there were more than 45,000 servers that could be exploited if they had been misconfigured. Adding to the threat, another vulnerability was also reported that was in combination with CVE-2023-23897.Â
This vulnerability was an unauthenticated, remote code execution vulnerability that could allow a threat actor to execute arbitrary commands on the vulnerable instance. However, as per Shadowserver reports, China has the highest number of Jenkins instances, accounting for nearly 12,000 servers.
Followed by the United States of America with 11,830 servers. Germany and India have approximately 3000 and 2500 servers, respectively. Other countries had multiple Jenkins servers exposed over the internet.
Nevertheless, it is recommended that all organizations upgrade the Jenkins servers to the latest versions to prevent these servers from getting exploited by threat actors.
