Security News > 2024 > January > 45k Jenkins servers exposed to RCE attacks using public exploits
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution flaw for which multiple public proof-of-concept exploits are in circulation.
Depending on the instance's configuration, attackers could decrypt stored secrets, delete items from Jenkins servers, and download Java heap dumps.
Late last week, security researchers warned of multiple working exploits for CVE-2023-23897, which dramatically elevates the risk for unpatched Jenkins servers and increases the likelihood of in-the-wild exploitation.
Today, threat monitoring service Shadowserver reported that its scanners have "Caught" roughly 45,000 unpatched Jenkins instances, indicating a massive attack surface.
Most of the vulnerable internet-exposed instances are in China and the United States, followed by Germany, India, France, and the UK. Shadowserver's stats represent a dire warning to Jenkins administrators, as hackers are very likely already conducting scans to find potential targets, and CVE-2023-23897 can have severe repercussions if successfully exploited.
Exploits released for critical Jenkins RCE flaw, patch now.
News URL
Related news
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-10 | CVE-2023-23897 | Unspecified vulnerability in Ozette Simple Mobile URL Redirect Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. | 8.8 |