45K+ Exposed Jenkins Instances Vulnerable to RCE Attacks

It was previously reported that Jenkins was discovered with a new critical vulnerability, which was associated with unauthenticated arbitrary file reads that can be utilized by threat actors to read sensitive files on the server. The CVE was mentioned as CVE-2024-23897, and the severity is yet to be categorized.

There were also reports mentioning a massive scan of Jenkins servers over the internet, according to a security researcher. However, currently, it has been reported that there are more than 45,000 publicly available Jenkins instances online.

Document
Run Free ThreatScan on Your Mailbox

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .

Publicly Exposed Jenkins Servers

According to the reports shared with Cyber Security News, Jenkins has a total market share of 43%, which is a massively higher quadrant number than other CI/CD software. This makes Jenkins one of the most used open-source CI/CD servers across organizations.

Moreover, the vulnerability CVE-2023-23897 does not require any authentication on vulnerable instances. Though there is a specific criterion for exploiting the vulnerable instances, it is still deemed as a critical vulnerability due to the ease of exploitation.

For a security researcher or threat actor to find if a specific Jenkins instance is vulnerable, they do not require any kind of special skills. A simple cURL command with only the IP address and port number of the server is more than enough to confirm if an instance is vulnerable.

45000 Servers exposed

Shadowserver reported that there were more than 45,000 servers that could be exploited if they had been misconfigured. Adding to the threat, another vulnerability was also reported that was in combination with CVE-2023-23897. 

This vulnerability was an unauthenticated, remote code execution vulnerability that could allow a threat actor to execute arbitrary commands on the vulnerable instance. However, as per Shadowserver reports, China has the highest number of Jenkins instances, accounting for nearly 12,000 servers.

Followed by the United States of America with 11,830 servers. Germany and India have approximately 3000 and 2500 servers, respectively. Other countries had multiple Jenkins servers exposed over the internet.

Nevertheless, it is recommended that all organizations upgrade the Jenkins servers to the latest versions to prevent these servers from getting exploited by threat actors.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Critical Microsoft’s Time Travel Debugging Tool Vulnerability Let Attackers Mask Detection

Microsoft’s Time Travel Debugging (TTD) framework, a powerful tool for recording and replaying Windows program…

9 hours ago

ServiceNow Acquires Moveworks for $2.85 Billion to Boost AI Capabilities

In a landmark move to strengthen its position in the rapidly evolving artificial intelligence landscape,…

10 hours ago

Apple iOS 18.4 Beta 3 Released – What’s New!

Apple released iOS 18.4 Beta 3 on March 10, 2025, for developers, with a build…

10 hours ago

Researcher Hacks Embedded Devices to Uncover Firmware Secrets

In a recent exploration of embedded device hacking, a researcher demonstrated how to extract firmware…

11 hours ago

North Korean Hackers Use ZIP Files to Deploy Malicious PowerShell Scripts

North Korean state-sponsored hackers, known as APT37 or ScarCruft, have been employing sophisticated tactics to…

11 hours ago

Ragnar Loader Used by Multiple Ransomware Groups to Bypass Detection

Ragnar Loader, a sophisticated toolkit associated with the Ragnar Locker ransomware group, has been instrumental…

11 hours ago