45K+ Exposed Jenkins Instances Vulnerable to RCE Attacks

It was previously reported that Jenkins was discovered with a new critical vulnerability, which was associated with unauthenticated arbitrary file reads that can be utilized by threat actors to read sensitive files on the server. The CVE was mentioned as CVE-2024-23897, and the severity is yet to be categorized.

There were also reports mentioning a massive scan of Jenkins servers over the internet, according to a security researcher. However, currently, it has been reported that there are more than 45,000 publicly available Jenkins instances online.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Publicly Exposed Jenkins Servers

According to the reports shared with Cyber Security News, Jenkins has a total market share of 43%, which is a massively higher quadrant number than other CI/CD software. This makes Jenkins one of the most used open-source CI/CD servers across organizations.

Moreover, the vulnerability CVE-2023-23897 does not require any authentication on vulnerable instances. Though there is a specific criterion for exploiting the vulnerable instances, it is still deemed as a critical vulnerability due to the ease of exploitation.

For a security researcher or threat actor to find if a specific Jenkins instance is vulnerable, they do not require any kind of special skills. A simple cURL command with only the IP address and port number of the server is more than enough to confirm if an instance is vulnerable.

45000 Servers exposed

Shadowserver reported that there were more than 45,000 servers that could be exploited if they had been misconfigured. Adding to the threat, another vulnerability was also reported that was in combination with CVE-2023-23897. 

This vulnerability was an unauthenticated, remote code execution vulnerability that could allow a threat actor to execute arbitrary commands on the vulnerable instance. However, as per Shadowserver reports, China has the highest number of Jenkins instances, accounting for nearly 12,000 servers.

Followed by the United States of America with 11,830 servers. Germany and India have approximately 3000 and 2500 servers, respectively. Other countries had multiple Jenkins servers exposed over the internet.

Nevertheless, it is recommended that all organizations upgrade the Jenkins servers to the latest versions to prevent these servers from getting exploited by threat actors.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

CISA Proposes National Cyber Incident Response Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a proposed update to the National…

52 minutes ago

Iranian Hackers Launched A Massive Attack to Exploit Global ICS Infrastructure

In a joint cybersecurity advisory, the FBI, CISA, NSA, and partner agencies from Canada, the…

3 hours ago

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers…

3 hours ago

CISA Issues Secure Practices for Cloud Services To Strengthen U.S Federal Agencies

In a decisive move to bolster cloud security, the Cybersecurity and Infrastructure Security Agency (CISA)…

3 hours ago

Fortinet Critical Vulnerabilitiy Let Attackers Inject Commands Remotely

Fortinet, a global leader in cybersecurity solutions, has issued an urgent security advisory addressing two…

4 hours ago

Critical Chrome Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Google has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205…

5 hours ago