CISA Warns of Important Jenkins Vulnerability Exploited in Ransomware Assaults

Aug 20, 2024Ravie LakshmananVulnerability / Ransomware

The U.S. Cybersecurity and Infrastructure Safety Company (CISA) has added a essential safety flaw impacting Jenkins to its Recognized Exploited Vulnerabilities (KEV) catalog, following its exploitation in ransomware assaults.

The vulnerability, tracked as CVE-2024-23897 (CVSS rating: 9.8), is a path traversal flaw that might result in code execution.

“Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution,” CISA mentioned in a press release.

Cybersecurity

It was first disclosed by Sonar safety researchers in January 2024 and addressed in Jenkins variations 2.442 and LTS 2.426.3 by disabling the command parser function.

Again in March, Development Micro mentioned it uncovered a number of assault cases originating from the Netherlands, Singapore, and Germany, and that it discovered cases the place distant code execution exploits for the flaw have been actively being traded.

Jenkins Vulnerability Ransomware Attacks

In latest weeks, CloudSEK and Juniper Networks have revealed a sequence of cyber assaults exploiting CVE-2024-23897 within the wild to infiltrate the businesses BORN Group and Brontoo Expertise Options.

The assaults have been attributed to risk actor often called IntelBroker and the RansomExx ransomware gang, respectively.

Cybersecurity

“CVE-2024-23897 is an unauthenticated LFI vulnerability that allows attackers to read arbitrary files on the Jenkins server,” CloudSEK mentioned. “This vulnerability arises from improper input validation, enabling attackers to manipulate specific parameters and trick the server into accessing and displaying the contents of sensitive files.”

Jenkins Vulnerability Ransomware Attacks

In gentle of the lively exploitation of the vulnerability, Federal Civilian Government Department (FCEB) companies have time until September 9, 2024, to use the fixes and safe their networks in opposition to lively threats.

Discovered this text attention-grabbing? Comply with us on Twitter and LinkedIn to learn extra unique content material we submit.

Recent articles

Meta Fined €251 Million for 2018 Knowledge Breach Impacting 29 Million Accounts

Dec 18, 2024Ravie LakshmananKnowledge Breach / Privateness Meta Platforms, the...

Hackers Use Pretend PoCs on GitHub to Steal WordPress Credentials, AWS Keys

SUMMARY Pretend PoCs on GitHub: Cybercriminals used trojanized proof-of-concept (PoC)...