Security News > 2024 > January > Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released
The number of public-facing installs of Jenkins servers vulnerable to a recently disclosed critical vulnerability is in the tens of thousands.
Trailing them are India, Germany, Republic of Korea, France, and the UK. The revelation of the vast attack surface comes days after multiple exploits were made public on January 26 - themselves released just two days after the coordinated disclosure from Jenkins and Yaniv Nizry, the researcher at Sonar who first discovered the vulnerability.
CVE-2024-23897 is the critical vulnerability disclosed by Sonar and the main reason for Jenkins attracting so much attention from the infosec community of late, although a separate high-severity flaw was also disclosed.
"As of publication of this advisory, the Jenkins security team has found ways to read the first three lines of files in recent releases of Jenkins without having any plugins installed, and has not identified any plugins that would increase this line count," the advisory reads.
The Jenkins team went on to detail the various different types of feasible attacks that could play out if the vulnerability was exploited, each resulting in different types of sensitive data being exposed.
Jenkins commonly uses 32-byte random binary secrets meaning attackers would need to correctly guess 16 bytes, which the developers said is "Unfeasible."
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/30/jenkins_rce_flaw_patch/
Related news
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Over 660,000 Rsync servers exposed to code execution attacks (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-24 | CVE-2024-23897 | Path Traversal vulnerability in Jenkins Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. | 9.8 |