Tuesday, June 18, 2024

45K+ Exposed Jenkins Instances Vulnerable to RCE Attacks

It was previously reported that Jenkins was discovered with a new critical vulnerability, which was associated with unauthenticated arbitrary file reads that can be utilized by threat actors to read sensitive files on the server. The CVE was mentioned as CVE-2024-23897, and the severity is yet to be categorized.

There were also reports mentioning a massive scan of Jenkins servers over the internet, according to a security researcher. However, currently, it has been reported that there are more than 45,000 publicly available Jenkins instances online.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Publicly Exposed Jenkins Servers

According to the reports shared with Cyber Security News, Jenkins has a total market share of 43%, which is a massively higher quadrant number than other CI/CD software. This makes Jenkins one of the most used open-source CI/CD servers across organizations.

Moreover, the vulnerability CVE-2023-23897 does not require any authentication on vulnerable instances. Though there is a specific criterion for exploiting the vulnerable instances, it is still deemed as a critical vulnerability due to the ease of exploitation.

For a security researcher or threat actor to find if a specific Jenkins instance is vulnerable, they do not require any kind of special skills. A simple cURL command with only the IP address and port number of the server is more than enough to confirm if an instance is vulnerable.

45000 Servers exposed

Shadowserver reported that there were more than 45,000 servers that could be exploited if they had been misconfigured. Adding to the threat, another vulnerability was also reported that was in combination with CVE-2023-23897. 

This vulnerability was an unauthenticated, remote code execution vulnerability that could allow a threat actor to execute arbitrary commands on the vulnerable instance. However, as per Shadowserver reports, China has the highest number of Jenkins instances, accounting for nearly 12,000 servers.

Followed by the United States of America with 11,830 servers. Germany and India have approximately 3000 and 2500 servers, respectively. Other countries had multiple Jenkins servers exposed over the internet.

Nevertheless, it is recommended that all organizations upgrade the Jenkins servers to the latest versions to prevent these servers from getting exploited by threat actors.

Website

Latest articles

Singapore Police Arrested Two Individuals Involved in Hacking Android Devices

The Singapore Police Force (SPF) has arrested two men, aged 26 and 47, for...

CISA Conducts First-Ever Tabletop Exercise Focused on AI Cyber Incident Response

On June 13, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) made history by...

Europol Taken Down 13 Websites Linked to Terrorist Operations

Europol and law enforcement agencies from ten countries have taken down 13 websites linked...

New ARM ‘TIKTAG’ Attack Impacts Google Chrome, Linux Systems

Memory corruption lets attackers hijack control flow, execute code, elevate privileges, and leak data.ARM's...

Operation Celestial Force Employing Android And Windows Malware To Attack Indian Users

A Pakistani threat actor group, Cosmic Leopard, has been conducting a multi-year cyber espionage...

Hunt3r Kill3rs Group claims they Infiltrated Schneider Electric Systems in Germany

The notorious cybercriminal group Hunt3r Kill3rs has claimed responsibility for infiltrating Schneider Electric's systems...

Hackers Employing New Techniques To Attack Docker API

Attackers behind Spinning YARN launched a new cryptojacking campaign targeting publicly exposed Docker Engine...
Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles