12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks (Security News, February 2020)

A vulnerability in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered.
The vulnerability can also be triggered by a single, spoofed UDP packet to launch DoS attacks against those same vulnerable Jenkins servers, by forcing them into an infinite loop of replies that can't be stopped unless one of the servers is rebooted or has its Jenkins service restarted.
"The vulnerability allows attackers to abuse Jenkins servers by reflecting UDP requests off port UDP/33848, resulting in an amplified DDoS attack containing Jenkins metadata. This is possible because Jenkins/Hudson servers do not properly monitor network traffic and are left open to discover other Jenkins/Hudson instances," Radware researchers explained.
"An attacker can either send a UDP broadcast packet locally to 255.255.255.255:33848 or they could send a UDP multicast packet to JENKINS REFLECTOR:33848. When a packet is received, regardless of the payload, Jenkins/Hudson will send an XML response of Jenkins metadata in a datagram to the requesting client, giving attackers the ability to abuse its UDP multicast/broadcast service to carry out DDoS attacks."
"Combined with over 12,000 exposed Jenkins servers globally, it creates a viable DDoS threat," the researchers concluded.
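Defender-side detection of the traffic pattern described above, as an added example (not code from the article or from Radware): over constructed flow records it flags requests reaching UDP/33848 from outside the organisation, replies leaving that port for the internet, and port-33848-to-port-33848 flows between two servers (the reply loop), and estimates the amplification ratio from request and reply sizes. The internal address range, the flow-record shape and the byte counts are assumptions.

```python
# Added example (not from the article or Radware): flag Jenkins/Hudson UDP
# discovery traffic on port 33848 in constructed flow records.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DISCOVERY_PORT = 33848  # UDP discovery port named in the article
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # constructed: the defender's own address space

@dataclass
class Flow:  # one UDP flow record (NetFlow-like shape, constructed)
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int

def is_internal(addr: str) -> bool:
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def classify(f: Flow):
    """Return a finding for one flow, or None if it is not discovery traffic of interest."""
    # Discovery port to discovery port: two servers answering each other, the reply loop.
    if f.sport == DISCOVERY_PORT and f.dport == DISCOVERY_PORT:
        return "reply loop between discovery ports"
    # A request reaching the discovery port from outside: the server is exposed as a reflector.
    if f.dport == DISCOVERY_PORT and not is_internal(f.src):
        return "inbound discovery request from internet"
    # A reply leaving the discovery port for an outside host: reflection in progress.
    if f.sport == DISCOVERY_PORT and not is_internal(f.dst):
        return "discovery reply sent to internet (reflection)"
    return None

def findings(flows):
    return [(f.src, f.dst, c) for f in flows if (c := classify(f)) is not None]

def amplification_ratio(flows) -> float:
    """Bytes in discovery replies divided by bytes in the requests that triggered them."""
    req = sum(f.nbytes for f in flows if f.dport == DISCOVERY_PORT and f.sport != DISCOVERY_PORT)
    rep = sum(f.nbytes for f in flows if f.sport == DISCOVERY_PORT and f.dport != DISCOVERY_PORT)
    return rep / req if req else 0.0

SAMPLE_FLOWS = [  # constructed records, not captured traffic
    Flow("203.0.113.7", 40000, "10.0.0.5", 33848, 60),   # spoofed request carrying the victim's address
    Flow("10.0.0.5", 33848, "203.0.113.7", 40000, 310),  # XML metadata reply aimed at the victim
    Flow("10.0.0.5", 33848, "10.0.0.9", 33848, 310),     # two Jenkins hosts answering each other
    Flow("10.0.0.9", 33848, "10.0.0.5", 33848, 310),
    Flow("10.0.0.5", 49152, "10.0.0.8", 53, 70),         # ordinary DNS, ignored
]
```

Calling `findings(SAMPLE_FLOWS)` returns four findings and `amplification_ratio(SAMPLE_FLOWS)` about 5.2; the article gives no mitigation, but Jenkins' documented `hudson.udp` system property set to -1 turns the UDP discovery listener off.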
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/ycfBqb23NGA/