Dive Brief:
- The Cybersecurity and Infrastructure Security Agency warned federal agencies that threat groups are actively exploiting a critical vulnerability in Jenkins that was initially disclosed in January. The agency added the CVE to its known exploited vulnerabilities catalog on Monday.
- A ransomware attack targeting Brontoo Technology Solutions disrupted banks in India in late July after attackers exploited the Jenkins vulnerability, according to researchers at CloudSEK and Juniper Networks.
- The command line interface path traversal vulnerability, CVE-2024-23897, carries a CVSS score of 9.8 and lets unauthenticated attackers read files on the Jenkins controller, which can be chained to remote code execution. Per the Jenkins advisory, attackers with Overall/Read permission can read entire files, while attackers without it can read the first few lines of a file; the default configuration does not grant anonymous users Overall/Read, so the unauthenticated case is the partial read.
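The mechanism behind the bullet above, as an added illustration that is not Jenkins or args4j code: a toy command line parser that, like the feature Jenkins disabled in its fix, replaces an argument of the form `@<path>` with the lines of that file, and a toy command that echoes the argument it could not resolve back to the caller. The job name, the file contents and the `allow_at_syntax` switch are constructed for the example; the real switch in Jenkins is a system property, not this function argument.

```python
import os
import tempfile

# Constructed sample standing in for a sensitive file on the controller
# (an /etc/passwd-style file here); not real data.
SAMPLE_SECRET = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)


def expand_at_files(argv, allow_at_syntax):
    """Mimic the parser feature described in the article: a token '@<path>'
    is replaced by the non-empty lines of <path>, one argument per line.
    With allow_at_syntax=False (the post-fix default) the token is passed
    through untouched, so the file is never opened."""
    expanded = []
    for token in argv:
        if allow_at_syntax and token.startswith("@") and len(token) > 1:
            with open(token[1:], encoding="utf-8", errors="replace") as fh:
                expanded.extend(line.rstrip("\n") for line in fh if line.strip())
        else:
            expanded.append(token)
    return expanded


def run_cli_command(argv, allow_at_syntax, jobs=("build-app",)):
    """Toy 'get-job <name>' style command. Like many CLI commands it echoes
    the argument it could not resolve in its error message; with @-expansion
    on, that argument is the first line of whatever file the caller named."""
    args = expand_at_files(argv, allow_at_syntax)
    if not args:
        return "error: missing job name"
    name = args[0]
    if name not in jobs:
        return f"error: No such job '{name}'"
    return f"ok: {name}"


def demo():
    """Send the same request to the vulnerable and the fixed parser setting
    and return what an unauthenticated caller would see in each case."""
    fd, path = tempfile.mkstemp(prefix="secret-")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_SECRET)
    try:
        return {
            "vulnerable": run_cli_command(["@" + path], allow_at_syntax=True),
            "fixed": run_cli_command(["@" + path], allow_at_syntax=False),
            "path": path,
        }
    finally:
        os.remove(path)


if __name__ == "__main__":
    for setting, response in demo().items():
        print(f"{setting}: {response}")
```

Only the first line of the file comes back through this particular error message, which matches the partial-read case for callers without Overall/Read; other commands and error paths expose more, and a caller with read permission can recover whole files. The fix is the `allow_at_syntax=False` branch: the parser no longer treats `@` specially unless an administrator explicitly re-enables it.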
Dive Insight:
Jenkins is a widely used open source tool with a 45% share of the CI/CD market, according to the Linux Foundation’s Continuous Delivery Foundation. More than 11 million developers were using Jenkins for nearly 49 million workloads globally as of August 2023.
Shadowserver tracked more than 31,000 Jenkins instances potentially exposed to the vulnerability on Monday. Scans from the threat tracking service showed nearly 50,000 unpatched Jenkins instances in January when the CVE was first disclosed.
The vulnerability, which a ransomware group exploited to gain initial access to Brontoo Technology Solutions’ systems, “exists because the command parser’s built-in feature has not been disabled by default,” Shwetanjali Rasal, threat research engineer at Juniper Networks, said in an Aug. 13 blog post.
“If successfully exploited, this vulnerability can lead to the leakage of sensitive files and data, potential command execution, and enable a ransomware attack,” Rasal said in the blog post.
This type of vulnerability in unpatched Jenkins servers is a frequent attack vector for malicious cyber actors and poses a significant risk to the federal enterprise, CISA said in its alert, which was based on evidence of active exploitation.
Jenkins issued a patch and workaround for the CVE on Jan. 24. The fix shipped in weekly release 2.442 and LTS 2.426.3, which disable the command parser’s @-file expansion by default; the documented workaround for instances that cannot be upgraded immediately is to disable access to the CLI.
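A version-based triage of the kind behind the Shadowserver counts above, as an added example rather than Shadowserver’s or Jenkins’ own tooling: it reads the version Jenkins advertises in its `X-Jenkins` response header, compares it against the fixed releases named in the advisory (weekly 2.442, LTS 2.426.3), and sorts a constructed scan listing into vulnerable, fixed and unknown. The scan records and the IP addresses are constructed for the example.

```python
import re

# Fixed releases from the Jenkins advisory of Jan. 24, 2024.
FIXED_WEEKLY = (2, 442)      # weekly line: two components, e.g. 2.441
FIXED_LTS = (2, 426, 3)      # LTS line: three components, e.g. 2.426.2

# Constructed scan output: "<ip> <advertised version>" per line; not real hosts.
SAMPLE_SCAN = """\
203.0.113.10 2.426.2
203.0.113.11 2.441
203.0.113.12 2.426.3
203.0.113.13 2.442
203.0.113.14 2.440.1
203.0.113.15 2.414.3
203.0.113.16 unknown
"""


def parse_version(text):
    """Return (major, minor) or (major, minor, patch); None if unparseable.
    Trailing suffixes such as '-SNAPSHOT' are ignored."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    parts = [int(m.group(1)), int(m.group(2))]
    if m.group(3) is not None:
        parts.append(int(m.group(3)))
    return tuple(parts)


def is_vulnerable(version):
    """True if the version predates the fix, False if it includes the fix,
    None if the version could not be parsed. Three-component versions are
    compared against the LTS fix, two-component ones against the weekly fix."""
    v = parse_version(version)
    if v is None:
        return None
    if len(v) == 3:
        return v < FIXED_LTS
    return v < FIXED_WEEKLY


def version_from_headers(headers):
    """Pull the version Jenkins advertises in its X-Jenkins response header
    (case-insensitive header lookup on a plain dict)."""
    for name, value in headers.items():
        if name.lower() == "x-jenkins":
            return value.strip()
    return None


def triage(scan_text):
    """Sort '<ip> <version>' records into vulnerable / fixed / unknown lists."""
    buckets = {"vulnerable": [], "fixed": [], "unknown": []}
    for line in scan_text.splitlines():
        if not line.strip():
            continue
        ip, _, version = line.partition(" ")
        verdict = is_vulnerable(version)
        key = "unknown" if verdict is None else ("vulnerable" if verdict else "fixed")
        buckets[key].append(ip)
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_SCAN).items():
        print(f"{bucket}: {len(hosts)} {hosts}")
```

A version check is a triage signal, not proof of exploitability: an instance on a vulnerable version whose CLI has been disabled per the workaround is not reachable through this bug, which is why Shadowserver reports instances as “potentially exposed”. Conversely, a fixed version that has had `@`-expansion explicitly re-enabled is exposed again.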