Headline
CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks. The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution. "Jenkins Command Line Interface (CLI) contains a
Vulnerability / Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw impacting Jenkins to its Known Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware attacks.
The vulnerability, tracked as CVE-2024-23897 (CVSS score: 9.8), is a path traversal flaw that could lead to code execution.
“Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution,” CISA said in a statement.
It was first disclosed by Sonar security researchers in January 2024 and addressed in Jenkins versions 2.442 and LTS 2.426.3 by disabling the command parser feature.
Back in March, Trend Micro said it uncovered several attack instances originating from the Netherlands, Singapore, and Germany, and that it found instances where remote code execution exploits for the flaw were actively being traded.
In recent weeks, CloudSEK and Juniper Networks have revealed real-world attacks exploiting CVE-2024-23897 in the wild to infiltrate the companies BORN Group and Brontoo Technology Solutions.
The attacks have been attributed to threat actor known as IntelBroker and the RansomExx ransomware gang, respectively.
“CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on the Jenkins server,” CloudSEK said. “This vulnerability arises from improper input validation, enabling attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files.”
In light of the active exploitation of the vulnerability, Federal Civilian Executive Branch (FCEB) agencies have time till September 9, 2024, to apply the fixes and secure their networks against active threats.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Related news
Jenkins version 2.441 suffers from a local file inclusion vulnerability.
Red Hat Security Advisory 2024-0778-03 - An update for Jenkins and Jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.12. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, improper authorization, information leakage, insecure permissions, and open redirection vulnerabilities.
Red Hat Security Advisory 2024-0776-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.
Red Hat Security Advisory 2024-0775-03 - An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.11. Issues addressed include bypass, code execution, cross site scripting, deserialization, information leakage, and insecure permissions vulnerabilities.
By Deeba Ahmed The vulnerabilities stem from the way Jenkins handles user-supplied data. This is a post from HackRead.com Read the original post: Excessive Expansion Vulnerabilities Leave Jenkins Servers Open to Attacks
The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the
Jenkins has a built-in command line interface (CLI) to access Jenkins from a script or shell environment. Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands. This command parser has a feature that replaces an @ character followed by a file path in an argument with the file’s contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it. This allows attackers to read arbitrary files on the Jenkins controller file system using the default character encoding of the Jenkins controller process. * Attackers with Overall/Read permission can read entire files. * Attackers without Overall/Read permission can read the first few lines of files. The number of lines that can be read depends on available CLI commands. As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent relea...